Distributed Job Servers

Hello all,

I have the following scenario:

1 central One Identity manager instance.

13 source Active directory ( local AD with local Exchange in place). Almost all AD used the same NETBIOS name so no trust possible to be set.


We want to move on version 8 and create sync between local AD's and central instance to sync AD object and Exchange objects.

Because no trust can be set between ADs which other option can be used?

On my mind, I have a scenario with a Job Server installed locally, responsible to collect all users, groups and passwords from the local domain and after that syncs the local job server with a central Job Server, which is connected to DB. 

I tried to search for some documentation about how distributed Job servers could be installed but I didn't fund anything.

is it someone who has any idea how can I move forward? 

Thank you


  • Hi Florin

    Unfortunately you've posted you're question into the "Active Roles" community page, rather than the "Identity Manager" community page (https://www.oneidentity.com/community/identity-manager/).  ### UPDATE ### It looks like this has now been moved into the Identity Manager community

    It might be worth asking your question there.

    Kind regards


  • Hi florin baciu,
    In general, it is possible to accomplish what you need.
    1) ARS is “per domain” product. ARS Server is not required to be a part of the domain, it manages.
    2) ARS can manage multiple domains from different forests and not trusts, given required ports open between ARS and the manage domain (authentication, ldap/gc, dns etc.).
    3) ARSync can sync two domains (not trust, as above), including groups/dl membership, user attributes and passwords.
    4) ARSync got option Remote Agent (something like that) which allows to bridge from ARS domain1/network1 to another domain2/network2 with Firewall between network1-FW-network2, given predefined port open between ARSync Server and Sync Agent,
    5) Password Sync (from Source Domain1 to Target Domain2) will require to install Password Capture Agent on each Source Domain1 DC. (Change Control)
    The details of implementation too big to for forum format, and I would recommend to discuss it offline, if needed.