Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Federated search

Created: 17 Apr 2013 • Updated: 22 May 2013 | 6 comments
This issue has been solved. See solution.

Hello,

Looking various Discovery Accelerator documents, I seem to be possible to conduct federated search from Discovery Accelerator across multiple EV deployments, I would like to know what specific minimal permissions Discovery Accelerator service account needs on the enterprise Vault environment.

In most cases, we don’t encounter this as both EV and DA share the same service account. However, this will not be the case for federated search across multiple EV deployments..

Thanks,

Operating Systems:

Comments 6 CommentsJump to latest comment

AmolB's picture

Have you checked the below article on EV and Accelerator's accounts & permissions.

http://www.symantec.com/docs/TECH200788

ecrgvp's picture

Yes, I had gone through it earlier. But, It doesnt address specifics about permissions required for DA service account on EV deployments for doing a federate E-discovery search.

 

ecrgvp's picture

Can anyone assist here please?

Rob.Wilcox's picture

I've never tried this to be honest - have you tried contacting Support?

Kenneth Adams's picture

Hello, ecrgvp;

In order for DA to search across multiple EV deployments, the following conditions must exist:

1) ALL deployments MUST be running the same version of EV (i.e., all must be running EV 9.0 SP4, or all must be running 10.0 SP3).

2) The Vault Service Account (VSA) used by the DA installation MUST have at least Read permission against every archive to be searched in each EV deployment.

3) The VSA used by the DA instance must have at least Read permission against each EV deplyment's directory service.

If you also want DA to have Custodian Manager synchronize to all of the EV deplyments, the VSA must have at least Read permission to all AD objects in the domains in which the other EV deployments exist.

There must be a trust relationship between the AD domain in which the VSA that runs the DA server exists and all other AD domains in which the other EV deplyments exist. Ideally for us, that would be a 2 way trust.  A one way trust should work if the domains in which the other EV deployments exist trust the DA VSA's domain.  This trust must exist regardless of using Custodian Manager.

Also, there may be a need in the DA server to configure the LMHOSTS file with the 2 entries needed to identify a Domain Controller in the domains hosting the other EV deployments.  Microsoft KB 31 4108(http://support.microsoft.com/kb/314108) provides instructions on how to edit the LMHOSTS file properly.

 

Ken Adams

Backline Support for CA, DA, ACE, UCE, PSTD, ARMS, EVDC
US Support Region

SOLUTION