Changing Active Directory server when using SSL VPN authentication

Hi, I've got a question about AD/LDAPS integration. Here's a quick rundown of the situation:

- I have a client with an XGS116 (SFOS 19.5.2 MR-2-Build624).
- Employees are currently using the Remote access SSL VPN to log into an RDS server with the Sophos Connect client.
- Sophos VPN+User Portal authentication is configured using Active Directory over STARTTLS.
- I am in the process of replacing their old 2012r2 domain controller with one running 2022 OS. The domain is not changing, but the old DC will be completely removed.

My question is, what will happen when I add the new AD server into Sophos (Configure>Authentication>Servers) and import the users?

Will every user have to log into the user portal to re-download their VPN config files? Will connected users be kicked off when I add the new server and remove the old one? Will everything just keep working as usual?



Edited TAGs
[edited by: Raphael Alganes at 5:50 AM (GMT -7) on 16 Jul 2024]