AD Connect for multiple Domains

We need to have two different domains sync users with Sophos Central. 

One is already set up. We were going to add the other on one of the servers on the other domain, but because we have some names that overlap across both domains, we were advised that it would be better not to do it this way and instead use filters to change the query on the primary AD Sync.

I looked at the documentation and it's useless.

 

Can someone suggest how to add two LDAPs to the same AD Sync? (Domains are in a two-way trust)

Thank you!



This thread was automatically locked due to age.
  • Hi Felix Sky,

    Which documentation are you referring to? Could you please provide the link so that we can review it and update it accordingly?

    As for steps, please look at this document and let us know if any clarification is required:
    Sophos Central Admin AD Sync Utility filters
    Note: AD Sync Utility supports multiple domains; as a result, it's important to remember that you may need to set up filters on each domain.

    To set up the filters, please have a look at these steps 

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

     

  • Hello. Thanks for responding. The documentation you linked is the same documentation I am referring to.

     

    Let me try to explain again

    1. We have our domain that is being synced to Sophos using the AD Sync utility on a server in our domain

    2. We merged with another company and they have their own domain. We have trusts between the domains

    3. Both companies use the same Sophos Central account

    4. We do not want to set up another sync on one of their servers because we have duplicate users in both domains and that may cause issues during the sync

    5. We were told that we can use filters in the current utility to import\sync users from the other domain

    6. I've looked at the documentation and I don't see anything that would help me with syncing users from the other domain using the sync utility on our end.

    Thank you!

  • Hi Felix Sky,

    The available filters for LDAP are the ones listed in the documentation. We do not provide custom queries; however, you can construct your own and give them a try by using the sync and preview option (scroll until you see the "Note" section): How does the AD Sync tool match AD users to Central users already created

    If your concern with multiple users is related to licensing, please keep in mind that a user with no devices associated will not use any licenses of any type. Otherwise, you should not experience any other issues when using AD Sync on both domains (I still recommend that you use the preview feature so you know what to expect).

     

    Regards,

    Barb@Sophos
    Community Support Engineer | Sophos Technical Support

     

  • This is ridiculous. Just ridiculous. I am getting the same template answer here as I am from one of your colleagues that I posted on Spiceworks. And your tech support is taking 3 days to respond to my ticket. Definitely going to speak with our account manager.

    I do not understand how our domain can talk to the other domain using the sync utility installed on our domain.

    Your documentation and responses do not answer my question. I am not asking you to create queries or anything else. I am trying to understand how our sync utility will be able to access the other domain. None of the documentation or videos or anything else explain that to me.
