PeteG
Message 1 of 2

Can I do LDAP syncs from more than one Domain to one ePO server

Basic Question... Can we do an LDAP sync from multiple domains? We currently utilize ePO v 5.10 and Drive Encryption v 7.2.8 on our endpoints. We do an LDAP sync from AD to sync the user info used for Pre Boot Auth. We are going to spin up a new Domain and need to know if we can also use LDAP to this new domain for our AD user info, or will this cause an issue?
cross
McAfee Employee
Message 2 of 2

Re: Can I do LDAP syncs from more than one Domain to one ePO server


Yes, you can have multiple different domains that you source users from; however, the configuration needs to include the necessary registered LDAP servers to source all of the users that you will need to have as MDE users. You must also make sure that you don't have more than one registered server that can source the same user(s); otherwise, you can create a situation where there are duplicate users.

Another consideration is going to be duplicate user names. For example, if you have two domains, and in domain 1 there is a user named Bob Smith who has the samaccountname of "bsmith" and in domain 2 there is a user named Brian Smith who also has the samaccountname of "bsmith", there can be confusion and issues there, since there will potentially be two "bsmith" user accounts even though they are truly different users.

An additional item that I must note is that, for the most part, we want to avoid deleting any registered LDAP servers as that has the potential to leave user objects as orphaned objects and also has the ability to create duplicates.

The subject of migrating any of your existing LDAP users to a new domain is a different subject entirely, but it doesn't seem that is a subject at hand here. If I'm mistaken, please let me know.
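
A pre-check for the two conditions described in the answer above, written as an added example that is not part of the original post or of any McAfee tooling: it flags users reachable through more than one registered LDAP server, and sAMAccountName values shared by different users across domains. It assumes the user lists were already exported per registered server; the server names, GUIDs and DNs below are constructed, and objectGUID is used as the identity of a user.

```python
from collections import defaultdict

# Constructed sample exports, one list per registered LDAP server.
# Each entry is (sAMAccountName, objectGUID, distinguishedName).
EXPORTS = {
    "ldap-domain1": [
        ("bsmith", "guid-0001", "CN=Bob Smith,OU=Staff,DC=domain1,DC=example"),
        ("jdoe", "guid-0002", "CN=Jane Doe,OU=Staff,DC=domain1,DC=example"),
    ],
    "ldap-domain2": [
        ("BSmith", "guid-0003", "CN=Brian Smith,OU=Staff,DC=domain2,DC=example"),
    ],
    # A second registered server whose search base overlaps domain1.
    "ldap-domain1-staff": [
        ("jdoe", "guid-0002", "CN=Jane Doe,OU=Staff,DC=domain1,DC=example"),
    ],
}


def find_conflicts(exports):
    """Return (overlaps, name_collisions).

    overlaps: objectGUID -> servers that can all source that same user
              (the duplicate-user case from overlapping registered servers).
    name_collisions: lower-cased sAMAccountName -> distinct objectGUIDs
              (the two different "bsmith" accounts case).
    """
    servers_by_guid = defaultdict(set)
    guids_by_name = defaultdict(set)
    for server, users in exports.items():
        for sam, guid, _dn in users:
            servers_by_guid[guid].add(server)
            # sAMAccountName is compared case-insensitively in AD.
            guids_by_name[sam.lower()].add(guid)
    overlaps = {g: sorted(s) for g, s in servers_by_guid.items() if len(s) > 1}
    collisions = {n: sorted(g) for n, g in guids_by_name.items() if len(g) > 1}
    return overlaps, collisions


if __name__ == "__main__":
    overlaps, collisions = find_conflicts(EXPORTS)
    for guid, servers in overlaps.items():
        print(f"user {guid} is sourced by multiple registered servers: {servers}")
    for name, guids in collisions.items():
        print(f"sAMAccountName '{name}' belongs to different users: {guids}")
```
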
