Synchronized UserID and username format

Problem solved. Wrong logon suffix in user account settings on the domain controller. After switching back to the domain configured on XG Firewall, synchronized UserID started to work.

MarekDalke said:

Problem solved. Wrong logon suffix in user account settings on the domain controller. After switching back to the domain configured on XG Firewall, synchronized UserID started to work.

 

Where can i find that setting? We are encountering the same Problem right now in our Setup

AD server > Active Directory Users and Computers (run dsa.msc) > User > Account Tab > User Logon Name > select the right domain from dropdown list

Does the XG cope with mulitple AD domains as we use more than one?

Hello CMR,

It handles multiple domains ok, I have used the XG on a 3 separate domain system as well as a forest with 5 subdomains and worked as expected. However, the issue you will encounter is if all the domains are on the same DCs then STAS will be unsuitable as STAS can only track one domain per software installation. If the domains are on separate DCs then that should not be an issue but make sure STAS implementations on the XG are done in separate groups so the XG does not think they are all part of the same STAS unit.

If you have multiple domains on the same DC then set up STAS for the largest domain and configure NTLM for all domains. STAS will catch the logins for the largest domain and the other domains will fallback login on NTLM when they browse.

Also, for performance, make sure you set the Base DNs as close to the User locations as much as possible else you can get slowdown during high volume login times.

Emile

Hello CMR,

It handles multiple domains ok, I have used the XG on a 3 separate domain system as well as a forest with 5 subdomains and worked as expected. However, the issue you will encounter is if all the domains are on the same DCs then STAS will be unsuitable as STAS can only track one domain per software installation. If the domains are on separate DCs then that should not be an issue but make sure STAS implementations on the XG are done in separate groups so the XG does not think they are all part of the same STAS unit.

If you have multiple domains on the same DC then set up STAS for the largest domain and configure NTLM for all domains. STAS will catch the logins for the largest domain and the other domains will fallback login on NTLM when they browse.

Also, for performance, make sure you set the Base DNs as close to the User locations as much as possible else you can get slowdown during high volume login times.

Emile

We have 100s of users across two UPN suffixes on one domain.  It is the multiple UPN suffixes that I'd like supported, I don't need multiple AD domains and I'd like to move away from STAS etc.