OIM provisioning to Multiple Domain Controllers of a single Domain

Hi experts !
Our client has offices in different parts of the country and they are using MS AD. We have to integrate this AD with OIM. The issue we are facing is that there is a cluster of domain controllers (DC) at each location, for example New York, Dallas and Ohio, and OIM is being deployed in NY. All the DCs at all locations are part of a single domain "example.com" and there is no child domain.
Now if a User Administrator in Ohio logs in to this central OIM online and creates / modifies user profile of a user in AD, it means that the OIM will create / update the user profile in the DC placed in NY and through AD replication, it will be pushed to Ohio.
As the communication between few sites is not reliable, thus managers at these locations will have to bear the delays if the replication between DCs takes time even when they have modified the resource profile in OIM.
Is it a possibility that when the user administrator at location A modifies the user resource profile, the modification is carried out in the DC of location A? For example, if the administrator in Ohio logs in, whenever he changes the profile, OIM modifies the profile in the DC placed at Ohio?
I have gone through "Configuring the Connector for Multiple Installations of the Target System" in the MS AD connector documentation but I am uncertain whether this "target system" means DCs of the same domain or different child domains?
Any help / idea would be really appreciated.
Best Regards.
Edited by: Zia on May 8, 2011 11:21 PM
Edited by: Zia on May 8, 2011 11:22 PM

Thank you for your reply, sir.
Initially I was of the idea to place OIM servers at each location with the DB at a central point. However, there are more than a dozen such locations! Have you come across any such scenario where more than 12 machines running OIM at different places point to a central DB? I was a bit reluctant in proposing such a design due to network instability. So we decided to deploy OIM at a single location in cluster mode, and admins at each location will access this single instance (cluster) over the WAN. This cluster will populate the domain controller at this specific location and the changes will be replicated through AD replication.
But now the analysis team has pointed out the problem scenario as I have mentioned in my earlier post. So we are in a bit of a fix how to handle this situation :-s

Similar Messages

  • Multiple SOA clusters within a Single Domain

    Hi All,
    We're looking at a scenario where there would be multiple SOA clusters within a single domain. Would that be possible to do? I mean I can create multiple SOA clusters but it seems that applications deployed to one of the 2 SOA clusters seem to go into an inconsistent state. Please advise. Thank you.

    This is just because all SOA servers in a domain will refer to one (same) SOAINFRA schema for SOA deployments info and hence belong to the same logical group (cluster), and that's the reason why you can't even have two separate SOA managed servers without a cluster.
    Regards,
    Anuj

  • Create multiple SOA Clusters in a single domain?

    Is it allowed to create multiple SOA Clusters in a single domain with both SOA Clusters sharing the same soa-infra schema but deploying different composites?
    Create a domain with
    - Admin server (AdminServer)
    - SOA_Cluster1
    -soa_server1
    -soa_server2
    - SOA_Cluster2
    -soa_server3
    -soa_server4
    SOA_Cluster1 will need to deploy services A, B and C and SOA_Cluster2 will have services A, D and E. Is there any documentation which can help us with this?

    Thanks for the document link but it seems that the document was created only yesterday. Can you elaborate on "only one set of SOA schemas is allowed per SOA domain/cluster". I was able to build another SOA cluster_2 to my existing domain with SOA_cluster1 pretty successfully. The only problem was the internal JMS queues were configured as Uniform Distributed. Hence I was not able to point them to 2 clusters.

  • Multiple EAR files in one single domain ?

    Can I deploy multiple EAR files in a single domain?
    thanks,
    KM

    I'm not sure what a "domain" is in this context. I suppose it depends on the J2EE server you're using. Weblogic has something called a "domain", and sure in that server you can deploy multiple EARs in one domain, and there can be multiple domains.

  • Are multiple VXI controllers in a single chassis allowed?

    I am currently searching for a VXI controller card that:
    1) Accepts two input buses (USB/MXI-2, or USB/IEEE).
    -or-
    2) Is it possible to have two USB VXI controllers in the same chassis? I believe it is possible to have two IEEE controller cards in the same chassis.
    My task is to see if it is possible to have two independent computers talking to the same VXI chassis. Arbitration would be an issue leading me to suspect that question (1) would be the most hopeful. Any information is highly appreciated.
    Sincerely,
    Bill B.

    Bill,
    One of the advantages of VXI is the multiple controller option.
    Without knowing more about your application, here are a couple of possibilities that may help:
    1. If continuous monitoring is primary AND there's a PCI DAQ card that meets your needs, then consider using a VXI-USB controller in Slot 0 for communication to a host and a VXI-872B with an internal PCI slot for monitoring the voltages.
    2. If multiple host monitoring is primary AND there's a PCI DAQ card that meets your needs, then consider using a VXI-872B in slot 0. The multiple hosts can use ethernet and client/server software to talk with the 872B.
    3. If you need VXI-based DAQ boards, then you could possibly use a VXI-USB controller in slot 0 and use the 872B to monitor the VXI DAQ board. The PC connected to the USB controller could potentially broadcast to others via ethernet.
    Hope this helps,
    Alex.

  • How to setup multiple DNS zones in a single domain

    We have a small charter school running a Mac Open Directory network on a single subnet with a single registered FQDN for its internal domain. We are about to open a second school within a wing of the same building which will also be on a Mac Open Directory domain, but since it is legally a separate school (just administered by the same staff) it needs to be on its own subnet and have its own LDAP directory.
    Is there a way to program DNS between the two schools so that DNS traffic can be routed between them without breaking the DNS and Open Directory/Kerberos realms of either? Both schools will share the same internal domain name. Is it as simple as creating two primary DNS zones on each other's nameservers, both using the same domain name but each having its own designated nameserver for that particular subnet?
    For instance, the existing school is running DNS on server1.example.com within the 10.39.54.0/23 subnet. The second school will be running DNS on server2.example.com within the 10.39.56.0/23 subnet. Would I then simply create two primary zones within each subnet, one referring to its own with itself as the nameserver and one within the neighbor subnet referencing that subnet's server as the designated nameserver.
    Or would I do this with each school's DNS servers searching through its own subnet as its primary zone with the neighbor zone being added as a secondary zone?
    Thanks!

    You have two options.
    Use a DNS server with a single internal domain example.com and have (as you said) server1.example.com
    If the two subnets are on separate networks either via a router or VLAN, then you could run a separate DHCP server on each and advertise the appropriate DNS server for that subnet.
    Otherwise you could have a single DNS server and either single DHCP advertising that single DNS server and have both server1 and server2 in the single DNS zone, or a DHCP server in each subnet but still pointing to the same single DNS server.
    Each of these two servers would be an Open Directory Master
    Note: in DNS terminology a DNS 'zone' is the same thing as a Domain Name.
    The second option which if you want to keep the two 'schools' completely separate is to do the following
    Use a DNS server per subnet
    Use a DHCP server per subnet
    Use a different domain name per school e.g. school1.com and school2.com
    Create a server record on each as appropriate e.g. server1.school1.com and server2.school2.com
    You cannot have a single DNS server have two identical zones e.g. example.com and example.com as they are of course the same thing.
    If the two schools will merge officially at some point it might be better to use the same domain name; if they are going to fully split then definitely it is going to be better to use two different domain names.

  • Creating New (multiple) server instance for a single domain

    Hi,
    I am trying to create a new server instance under a domain and deploy a web application under that.
    Ex:
    I have domain: ABC
    default admin server: Admin_server
    New server Instance: server2
    New server instance: server3
    I deployed a webapplication on "Admin_server" and when I try to access the webapplication it works fine.
    But when I try to deploy the same webapplication (or a new webapplication) I do get a NullPointerException error.
    I am new to WebLogic and hence a bit lost here.
    Also when the admin server "Admin_server" is created for domain "ABC" a new folder called "Admin_server" would be created under "ABC" [EX: C:\bea\user_domains\ABC\Admin_server]
    the "Admin_server" would have an upload dir under which the webapplication files/folder would be deployed.
    I was under the impression that when you create a new server instance "Server1" a similar dir structure would be created, but this is not the case.
    I am new to WebLogic and this seems to be a minor config which I am missing.
    Any suggestions, hints would be appreciated

    The node manager is installed as a service. I am using Nodemanager to start the managed server.
    Actually now I have created a new domain DCM and the admin server is DCM_ADMIN. I deployed a web app called DCM on this and do get the error. This is what exactly I got when deployed on a managed server [tested this on a different domain - but then it did work on the admin server]
    ERROR:
    Error 500--Internal Server Error
    java.lang.NullPointerException
         at com.documentum.web.formext.config.ConfigService.(ConfigService.java:565)
         at com.documentum.web.formext.config.ConfigService.getInstance(ConfigService.java:68)
         at com.documentum.web.formext.config.ConfigService.getConfigLookup(ConfigService.java:83)
         at com.documentum.web.formext.config.ClientEnvQualifier.bindHttpRequest(ClientEnvQualifier.java:142)
         at com.documentum.web.env.WDKController.setBindings(WDKController.java:372)
         at com.documentum.web.env.WDKController.doStartRequest(WDKController.java:150)
         at com.documentum.web.env.WDKController.processRequest(WDKController.java:88)
         at com.documentum.web.env.WDKController.doFilter(WDKController.java:79)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6987)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3892)
         at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2766)
         at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
         at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
    MY config.xml
    <?xml version="1.0" encoding="UTF-8" ?>
    <Domain ConfigurationVersion="8.1.5.0" Name="DCM">
      <Server ListenAddress="" ListenPort="1120" Name="DCM_ADMIN" NativeIOEnabled="true" ReliableDeliveryPolicy="RMDefaultPolicy" ServerVersion="8.1.5.0">
        <SSL Enabled="false" HostnameVerificationIgnored="false" IdentityAndTrustLocations="KeyStores" Name="DCM_ADMIN" />
      </Server>
      <JMSFileStore Directory="rmfilestore" Name="FileStore" />
      <WSReliableDeliveryPolicy DefaultRetryCount="10" DefaultTimeToLive="60000" Name="RMDefaultPolicy" Store="FileStore" />
      <Security Name="DCM" PasswordPolicy="wl_default_password_policy" Realm="wl_default_realm" RealmSetup="true" />
      <EmbeddedLDAP CredentialEncrypted="{3DES}f42Gd5I8pTqrAXW1bntpvYdF9kQxUOm0+Sf9Liq9Wrg=" Name="DCM" />
      <SecurityConfiguration CredentialEncrypted="{3DES}yA8jh/8xZqf+6HyuA5YesVFLKkpMBpCfOgJ7Gf0G+qOce7Pr8dtby+FnJY3lYu/7p5vqYw7Yw36vk98Vqb6P3ZE/bnahPhwu" Name="DCM" RealmBootStrapVersion="1" />
      <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm" />
      <FileRealm Name="wl_default_file_realm" />
      <PasswordPolicy Name="wl_default_password_policy" />
      <JMSServer Name="WSStoreForwardInternalJMSServerDCM_ADMIN" Store="FileStore" Targets="DCM_ADMIN">
        <JMSQueue CreationTime="1141142209450" JNDIName="jms.internal.queue.WSStoreForwardQueue" JNDINameReplicated="false" Name="WSInternaljms.internal.queue.WSStoreForwardQueueDCM_ADMIN" />
        <JMSQueue CreationTime="1141142209653" JNDIName="jms.internal.queue.WSDupsEliminationHistoryQueue" JNDINameReplicated="false" Name="WSInternaljms.internal.queue.WSDupsEliminationHistoryQueueDCM_ADMIN" />
      </JMSServer>
      <Server ListenPort="9201" Name="DCM_TEST" ServerVersion="8.1.5.0">
        <ServerDebug Name="DCM_TEST" />
        <SSL IdentityAndTrustLocations="KeyStores" Name="DCM_TEST" />
        <KernelDebug Name="DCM_TEST" />
        <Log Name="DCM_TEST" />
        <ServerStart Name="DCM_TEST" OutputFile="C:\dev\bea\weblogic81\DOMAINS\DCM\.\NodeManagerClientLogs\DCM_DCM_TEST\startServer_02_28_2006-10_58_26-1.log" PasswordEncrypted="{3DES}zluy0BrZ/DYTcUwAKEgovg==" Username="elisadmin" />
        <WebServer Name="DCM_TEST" />
        <COM Name="DCM_TEST" />
        <IIOP Name="DCM_TEST" />
        <JTAMigratableTarget Name="DCM_TEST" UserPreferredServer="DCM_TEST" />
        <JTARecoveryService Name="DCM_TEST" />
      </Server>
      <Application Name="da" Path="C:\dev\bea\weblogic81\DOMAINS\DCM\DCM_ADMIN\upload" StagingMode="nostage" TwoPhase="true">
        <WebAppComponent Name="da" Targets="DCM_ADMIN" URI="da.war" />
      </Application>
    </Domain>

  • Windows Domain Controller certificate for non domain clients

    Hi,
    Is it possible that we can export windows domain certificate and use it for non domain computers without joining domain, so that they can communicate each others without joining domain controller?
    Regards

    Hi,
    Is it possible that we can export windows domain certificate and use it for non domain computers without joining domain, so that they can communicate each others without joining domain controller?
    Not sure what you want to achieve here.
    However, yes, it is possible to export certificates (with private keys) from domain machines then import them to non-domain machines, and some certificates can even function well based on key usages. Please note that Domain Controller certificates are only meaningful to Domain Controllers. Possession of domain certificates doesn’t indicate machines are part of domain.
    Without joining a machine to a domain (or without a trust), the machine is always treated as untrusted by the domain members no matter what kind of certificates it holds.
    Best Regards,
    Amy

  • Enter the forest and it locks me out of entering the domain controller or any child domains

    Using Windows Server 2008 R2 SP1, no matter if I use the Graphical User Interface (GUI) or the Answer Method to enter the forest and it locks me out of entering the domain controller or any child domains. 
    Is there a remedy to this?

    Hi Philo,
    Would you please tell us how you tried to enter the forest?
    Are you able to run dcpromo to add domain controllers or create child domain?
    Best Regards,
    Amy

  • How to provision multiple AD Accounts to a single User Profile in OIM

    Hi,
    We are using OIM 11g R2. We have implemented AD Provisioning/Reconciliation using Active Directory 11g Connector.
    The correlation rule for linking AD accounts with OIM during target recon is set as “Email ID”
    We have some business requirement where we want to provision multiple AD Accounts to a single User Profile in OIM.
    Issue we are facing:
    Suppose we have USERID1 in OIM which has email id as USERID1@ XYZ.COM .
    After that we have provisioned sAMAccountName=USERID1 (Email ID as USERID1@ XYZ.COM )& sAMAccountName=USERID2 (Email ID as [email protected]) to the user User Login = USERID1 in OIM.
    Both the AD User accounts can be seen as provisioned.
    After we run the AD Target Recon, the target recon is failing because of “Multiple Process Matches Found” issue.
    Question here is:
    Is it possible to maintain/manage multiple AD Accounts (Same AD is used for all the multiple AD Accounts) to a single OIM profile user ?
    Regards,
    J

    Hi,
    We have seen it working and linking multiple accounts when we have the Key field as "User ID" in the Process Defn & RO and the recon matching rule has email ID as the matching rule.
    Please suggest: if we have the above kind of rule/config, will it not cause any issue?
    Regards,
    J

  • Cannot have multiple domain controllers with Essentials role in 2012 R2 Standard/Datacenter

    Microsoft's Technet post on deploying Essentials Role in an existing AD environment states the following:
    "The online service integration features only work when the server is a domain controller. Also, integration cannot be initiated if there are multiple domain controllers in the environment. The product team is investigating possible solutions."
    http://blogs.technet.com/b/sbs/archive/2013/10/28/enabling-multiple-instances-of-windows-server-essentials-experience-in-your-environment.aspx
    Microsoft Essentials Role product team, can you let us know when this will be fixed? I will not be installing Essentials as a Role if I cannot have multiple domain controllers.
    As soon as I add another domain controller the Essentials role no longer functions as designed.
    This is quite an oversight by your team. Can we have an ETA for a fix to this please?
    Here are more with the same issue:
    http://social.technet.microsoft.com/Forums/en-US/ed34abe9-6412-415d-950a-50c9675deb2e/unable-to-register-essentials-experience-role-with-microsoft-online-services?forum=2012R2EssentialsPreview

    Hi. We can't give ETA. Most user there that help does not work for Microsoft. (and if a Microsoft's employee help, then it's on it's free time at home or during break)
    Thus, for that reason, please call the support to get a good answer on the ETA if it's planned or not. Be advised that the Essentials version replaced SBS, thus it targets small offices; such a limitation can stay for a long time IMO.
    Regards, Philippe

  • Announcing the availability of enabling Windows Server 2012 R2 Essentials' integration of Microsoft online services in environments with multiple domain controllers

    In Windows Server Essentials 2012 R2, all of our online services integration features, including Azure Active Directory and Office 365, are supported only in environments that have a single domain controller. In environments with more than one domain controller, integration of these services is blocked due to limitations in the user account and password synchronization mechanism in Windows Server Essentials.
    I am happy to announce that with the recent Windows August Update released on (8/12/2014, PST), this limitation has been removed. This update adds support for both Azure Active Directory integration and Office 365 integration features in domain environments consisting of a single domain controller, multiple domain controllers, or Windows Server Essentials as a domain member server.
    For more information, please go to
    http://support.microsoft.com/kb/2974308

    Hi JoeBeck,
    Thanks for the comment. Could you please tell which link you clicked to download?
    Please go to PinPoint check details and start download
    http://pinpoint.microsoft.com/en-US/applications/Dynamics-CRM-Online-Add-in-12884966386
    Thanks,
    Shanghai Wicresoft

  • Essentials 2012 R2 Exchange Integration with Multiple Domain Controllers

    Attempting to integrate Exchange Server 2012 with the Essentials wizard results in the error message: "This task must be performed on the domain controller." I've found several threads that speculate this is because there are multiple domain controllers in the domain. Is there a workaround or patch available to resolve this issue? Why wouldn't Microsoft want the redundancy of multiple DCs?
    Thanks.

    Hi HartmannTek,
    I agree with Robert.
    We can get the following information from the article:
    Services Integration Overview for Windows Server 2012 R2 Essentials - Part 1. Please refer to.
    Currently, the Services Integration features, including Windows Azure Active Directory integration, Office 365 integration, Windows Intune integration, and on-premises Exchange integration, are only supported in a single domain controller environment. In addition, the integration wizard must be run on a domain controller.
    Hope this helps.
    Best regards,
    Justin Gu

  • Provision one OIM account to multiple resource accounts

    Hello everyone,
    We have a requirement to provision some OIM accounts more than once to the same target source. For example provision some user to two accounts in the target source, one normal account with the same user ID and another administrator account prefixed with "HS_". Is it possible?
    Thanks in advance

    It is possible as long as you check "allow multiple" in the resource object. Also, if you want to do auto-provisioning using Access Policy, you need to be on 9.1.0.2 BP12. Earlier release doesn't support provisioning to multiple instance of a same resource object using access policy.

  • Multiple AD account in single domain for a single user

    Hi,
    Does OIM support multiple AD accounts in a single domain for a single user?
    Scenario 1: If the multiple accounts already exist in AD, can I pull them from AD to OIM for a single user?
    Scenario 2: Does OIM allow creation of multiple accounts in AD for a single user, when requested from OIM?
    Thanks,

    Yes, this is possible. OIM allows this.
    Obviously the recon rule would be employee number or anything other than 'sAMAccountName' for target recon.
    While provisioning, make sure you are generating a unique sAMAccountName and Common Name (if in the same OU) for the same user.
    If you maintain the above, there is no issue having multiple accounts for a single user in a single domain.
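The naming rule in the answer above, sketched as an added example (not code from the thread or from OIM): it generates a domain-unique sAMAccountName and an OU-unique CN for each extra account, and correlates accounts to their owner by employee number. The `correlate` function is a simplified model rather than OIM's reconciliation engine, the user data is constructed, and the "HS_" prefix is the one mentioned in the earlier thread on this page.

```python
import re

SAM_MAX_LEN = 20  # limit for user objects (pre-Windows 2000 logon name)
# Characters AD rejects in sAMAccountName; whitespace and "@" are stripped too
# as a conservative choice of this example.
_SAM_INVALID = re.compile(r'["/\\\[\]:;|=,+*?<>@\s]')


def sanitize_sam(base):
    """Drop rejected characters, enforce the length limit, forbid a trailing dot."""
    cleaned = _SAM_INVALID.sub("", base)[:SAM_MAX_LEN].rstrip(".")
    if not cleaned:
        raise ValueError(f"no usable characters in {base!r}")
    return cleaned


def unique_sam(base, taken):
    """Return a sAMAccountName not in `taken` (lower-cased names, domain-wide)."""
    stem = sanitize_sam(base)
    candidate, n = stem, 1
    while candidate.lower() in taken:      # AD compares names case-insensitively
        n += 1
        suffix = str(n)
        candidate = stem[:SAM_MAX_LEN - len(suffix)].rstrip(".") + suffix
    taken.add(candidate.lower())
    return candidate


def unique_cn(display_name, ou_dn, taken_by_ou):
    """Return a CN unique within one OU; the same CN may exist in another OU."""
    taken = taken_by_ou.setdefault(ou_dn.lower(), set())
    base = display_name.strip()
    candidate, n = base, 1
    while candidate.lower() in taken:
        n += 1
        candidate = f"{base} ({n})"
    taken.add(candidate.lower())
    return candidate


def plan_account(user, ou_dn, taken_sams, taken_cns, prefix=""):
    """Plan one more AD account for `user`; employeeNumber ties it to the owner."""
    return {
        "employeeNumber": user["employeeNumber"],
        "sAMAccountName": unique_sam(prefix + user["login"], taken_sams),
        "cn": unique_cn(prefix + user["displayName"], ou_dn, taken_cns),
        "ou": ou_dn,
    }


def correlate(target_accounts, users):
    """Simplified recon model: owner by employeeNumber, account by sAMAccountName."""
    owners = {u["employeeNumber"]: u["login"] for u in users}
    linked = {}
    for acct in target_accounts:
        owner = owners.get(acct["employeeNumber"])
        if owner is None:
            continue  # no owner match; leave for manual review
        linked.setdefault(owner, {})[acct["sAMAccountName"].lower()] = acct
    return linked


# Constructed sample data (not from the thread).
USERS = [{"login": "jdoe", "displayName": "John Doe", "employeeNumber": "1001"}]
OU = "OU=Staff,DC=example,DC=com"


def demo():
    taken_sams = {"jdoe"}                      # jdoe already has one account
    taken_cns = {OU.lower(): {"john doe"}}
    existing = {"employeeNumber": "1001", "sAMAccountName": "jdoe",
                "cn": "John Doe", "ou": OU}
    second = plan_account(USERS[0], OU, taken_sams, taken_cns)
    admin = plan_account(USERS[0], OU, taken_sams, taken_cns, prefix="HS_")
    return second, admin, correlate([existing, second, admin], USERS)


if __name__ == "__main__":
    print(demo())
```

Because the owner is matched on employee number and each account is keyed by its own sAMAccountName, three accounts for one person resolve to one owner with three distinct accounts instead of an ambiguous match.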
