
Info: Active Directory Connector Platform-Specific Settings

Applies to: 

TPP Version 21.2 and higher

Summary: 

In some environments, it may be recommended that the Venafi AD Connector settings be applied on a per-platform basis. Beginning with TPP version 21.2, the AD Connector Wizard, found in the "Connectors" section of the Venafi Configuration Console (VCC), allows for the following platform-specific configurations:

  • Choose Domains and Controllers Specific to this Platform
  • Disable Rediscovery for this Platform

These settings, if used, will need to be configured in the VCC for each TPP server that will leverage platform-specific settings. For example, if you don't want any TPP server to automatically rediscover domain controllers, you will need to re-run the Active Directory Connector Wizard and check the box for "Disable Rediscovery for this Platform" on each and every TPP server. With TPP version 22.4 and above, you can disable global rediscovery from the VCC.

Alternatively, if you do not want to use platform-specific settings, you can leave both of these options unchecked. This will change the values for the "Default" settings for that Identity Connector. These default values will be automatically populated in the AD Connector Wizard when re-running the Wizard on another TPP server.

NOTE: Be sure to restart Venafi services and IIS on all TPP servers when finished changing AD Connector settings. In some instances, it may be necessary to stop Venafi services and IIS on all TPP servers before re-running the AD Connector Wizard, and then start all the Venafi services and IIS after the changes are complete on all TPP servers (see "VCC: Domain Controllers and Global Catalog configuration doesn't save correctly after Disabling Rediscovery for This Platform option" – Venafi Customer Support).

More Information:

Prior to 21.2, the AD Connector Configuration attribute was set in XML on the Support Tab for a given connector (Identity Tree -> Identity providers -> AD Connector -> Support). 

Example:

AD_Support_XML.PNG

After 21.2, this method of handling the attribute is not used. This attribute now displays the "default" and platform-specific settings (if any have been set). Additionally, the "No Rediscovery On" attribute displays a list of each TPP server that does not have Rediscovery enabled.

Example:

configuration_and_no_rediscovery.PNG

Starting in TPP version 22.1, the default and platform-specific settings can be seen on the "Provider" -> "Settings" tab on the Identity Provider in the Identity Tree. This provides a quick summary of the "Default" configuration, platform-specific Domain Controllers, and whether Rediscovery is enabled or disabled.

Example:

provider_settings.PNG

 
