Provision AD and Exchange from One Identity if DNS cannot resolve the domain

Hello everyone, we recently upgraded our Exchange from 2010 to 2016 in Production (currently One IDM is connected to Exchange 2010 and we have both Exchange 2010 and 2016 in our production; however, soon they will decommission the 2010 version). I need to configure a new project with the Exchange 2016 connector in Dev to test before I make changes in Production (the existing project was built using the Exchange 2010 connector and, as per support, I cannot just change the connector; instead I have to configure a new Exchange project with the Exchange 2016 connector).

Problem:

We don't have a preprod AD/Exchange environment in the production domain. We have a lab setup, a separate domain and Exchange (child.xyz.lan), which is not resolved by our production DNS server (Prod.xyz.lan). Therefore, I cannot connect to the lab AD/Exchange directly from my job server, which is in the production domain (IPs have to be resolved by DNS, a One Identity prerequisite).

Possible solutions:

  1. One option I can put my effort into is to get a server, e.g. DevJobSrv.child.xyz.loan, which is joined to the lab domain, install a job server there and use a remote connection from my dev to that server.
  2. Another possible way could be to push IT to add a DNS entry that resolves the lab domain controller (child.xyz.com 192.168.10.11 <domain controller>).

I need input from the community on the above two possible solutions, or any other approach which could tackle my problem. I appreciate your valuable input in this regard.

Best regards,

Daniel

  • What version of One Identity Manager are you using?

  • Hi Markus,

    I am using Identity Manager version 8.0.2

  • Hi Daniel,

    I might be looking at this too simplistically, but why can't you simply add the necessary hostnames and ip addresses to the hosts file on the job server (and management server where you run the UI tools)?

    I have done this for target AD domains where I do not have DNS access but have a direct connection through firewalls to a specified IP address.

    I put the DC hostname in the hosts file with the relevant IP address.

    Then when the sync runs it might try and use other hostnames for GC resolution... I gather these hostnames and enter them in the same hosts file with the same IP as the DC.

    HTH, Barry.

  • Hi Barry,

    Thanks for your reply. I just tested by adding an entry for the domain controller in the hosts file. On the credentials page, I got an error while testing the connectivity that the domain cannot be found. However, I proceeded further and, while fetching the schema, I got the error message "Object reference not set to an instance of an object".

    My job server and UI tools machines are joined to the production domain and I get a drop-down while creating a new AD-related project to select either the xyz.lan or Production.xyz.lan domain. It seems like 1IDM really has a dependency on DNS resolution and it cannot be resolved by such workarounds; not sure how it is working for you.

    I think I have to open port TCP/UDP 53 from the job server to the LAB domain controller, which is also the DNS server, and modify the NIC of the job server to add that LAB DC as a secondary DNS server. This might solve my issue.

    Best regards,

    Daniel
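The two approaches discussed in this thread (Barry's hosts-file entries and Daniel's secondary-DNS plan) differ in what they can answer: a hosts file only maps names to addresses (A/AAAA), while the Windows DC locator that the connector relies on first asks DNS for SRV records such as `_ldap._tcp.dc._msdcs.<domain>`, which a hosts file can never serve. The following PowerShell script is an added example, not code from the thread or from One Identity, that a job-server admin can run to check each prerequisite in turn before touching the Identity Manager project. It assumes the lab domain `child.xyz.lan` and the DC/DNS address `192.168.10.11` from the thread; both are parameters, and the helper name `Test-LabDomainReachability` is invented for this example.

```powershell
# Added example: pre-flight checks for reaching an AD domain that the job server's
# production DNS cannot resolve. Not part of the original thread or of One Identity Manager.
# Assumed values (from the thread's examples): lab domain child.xyz.lan, lab DC/DNS 192.168.10.11.
function Test-LabDomainReachability {
    param(
        [string]$LabDomain    = 'child.xyz.lan',
        [string]$LabDnsServer = '192.168.10.11'
    )

    $result = [ordered]@{}

    # 1. Can the production-joined job server currently resolve the lab domain at all?
    #    This is the check the connector's "domain cannot be found" error reflects.
    $result.DomainResolvesViaCurrentDns =
        [bool](Resolve-DnsName -Name $LabDomain -ErrorAction SilentlyContinue)

    # 2. Is TCP 53 open from here to the lab DC/DNS (the firewall change Daniel plans)?
    $result.Dns53Reachable =
        (Test-NetConnection -ComputerName $LabDnsServer -Port 53 -WarningAction SilentlyContinue).TcpTestSucceeded

    # 3. Does the lab DNS answer the DC-locator SRV query? A hosts file cannot provide this
    #    record, which is why adding only the DC's address still leaves domain discovery failing.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$LabDomain" -Type SRV `
               -Server $LabDnsServer -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    $result.DcLocatorSrvFound = [bool]$srv

    # 4. Every DC named in the SRV answer must resolve and answer LDAP (389) and GC (3268),
    #    the extra hostnames Barry describes collecting for GC resolution.
    $result.DomainControllers = foreach ($rec in $srv) {
        $dcName = $rec.NameTarget
        $a = Resolve-DnsName -Name $dcName -Type A -Server $LabDnsServer -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        [pscustomobject]@{
            Name      = $dcName
            Address   = if ($a) { $a.IPAddress } else { $null }
            Ldap389   = if ($a) { (Test-NetConnection -ComputerName $a.IPAddress -Port 389  -WarningAction SilentlyContinue).TcpTestSucceeded } else { $false }
            Gc3268    = if ($a) { (Test-NetConnection -ComputerName $a.IPAddress -Port 3268 -WarningAction SilentlyContinue).TcpTestSucceeded } else { $false }
        }
    }

    # 5. End-to-end: ask the Windows locator itself, using whatever DNS the NIC is configured with.
    #    This only succeeds once the lab DNS (or a forwarder for the lab zone) is in the NIC's DNS list.
    $locator = & nltest.exe /dsgetdc:$LabDomain /force 2>&1
    $result.NltestDsGetDcSucceeded = ($LASTEXITCODE -eq 0)
    $result.NltestOutput = $locator -join "`n"

    return [pscustomobject]$result
}

# Usage on the job server (run elevated so Test-NetConnection and nltest behave consistently):
Test-LabDomainReachability -LabDomain 'child.xyz.lan' -LabDnsServer '192.168.10.11' | Format-List
```

Reading the output: if `Dns53Reachable` is false the firewall rule is still missing; if it is true but `DcLocatorSrvFound` is false the lab DC is not serving the `_msdcs` zone to this client; and if everything up to step 4 passes but `NltestDsGetDcSucceeded` is false, the job server's NIC is still not using a DNS server that can answer for the lab zone. A conditional forwarder for `child.xyz.lan` on the production DNS servers, pointing at `192.168.10.11`, is the usual way to satisfy that last step without putting a lab DNS server in every job server's NIC settings; that is one concrete form of Daniel's option 2.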