Endpoint Encryption

 View Only

  • 1.  Adding a new Active Directory on SEE Managent Server

    Posted Mar 25, 2019 09:48 AM

    And I need to put on my SEE Management Server a new AD from a trusted domain. This other Active Directory is in  another server, with another IP range. How can I do this?

     

    Thanks, for any help.

     



  • 2.  RE: Adding a new Active Directory on SEE Managent Server

    Posted Mar 25, 2019 12:55 PM

    The options and steps are explained on pages 35, 84, and 85 of the installation guide (https://www.symantec.com/docs/DOC9134), but it is simply opening the "SEEMS Configuration Manager", navigating to Active Directory -> Configuration, and clicking the Green plus (+) sign to add yet another AD forest in there.



  • 3.  RE: Adding a new Active Directory on SEE Managent Server

    Posted Mar 27, 2019 09:33 AM

    Thank you for your return @SMlatCST.

    But what I need to know is if to add this other domain in SEE it needs to be a sub-domain of the principal.

    In the installation guide this is not clear.

     

    Regards

     

    Sergio



  • 4.  RE: Adding a new Active Directory on SEE Managent Server

    Posted Mar 27, 2019 11:49 AM

    The option I highlighted relates directly to different AD forests, and as you provide all the credentials for the synchronisation, no trust is required.

    To actually utilise the SEE Manager Console to assign policies via GPO does require cross-forest trusts though, as would assigning Server Roles.

    What do you actually want to do with the information from the other AD forest?



  • 5.  RE: Adding a new Active Directory on SEE Managent Server

    Posted Mar 27, 2019 02:12 PM

    Since there are two different domains we would like to add administrators from both domains. But it does not find the users of the other domain. When we try to add the second domain to SEEM we get the error below.



  • 6.  RE: Adding a new Active Directory on SEE Managent Server

    Posted Mar 28, 2019 04:44 AM

    OK, so it's worth clarify that these are 2 different things you're trying to accomplish.

    Server Roles

    This requires a cross-forest trust, and uses Windows' AD membership to find and add the administrator (i.e. it's possible to add roles to admins without populating the AD section of the SEEMS Config Manager, it uses what Windows can find due to its AD membership).

    Add AD Forest

    This just give you an overview of the client machines in the target forest or domain that you add, and aids in client tracking.  This doesn't sound like what you're after anyway, so you might just ignore the errors (which are likely occuring because nothing in your nomal AD forest knows how to connect to this new one.)  If you sort out the cross-forest trusts and resolution, this should start working as well