We currently are trying to put a solution in place that will allow a single sign in for SAP and other applications between two AD Forests with a trust. This is basically a break away from the original 2003 domain and then migrating users to the new trusted 2008 domain. The trust is at the Forest root.
Now SAP uses an LDAP lookup to AD for user authentication, and in order to break away from the original domain and not keep an account on both domains, we are considering LDS 2008. SAP would then point to LDS to authenticate instead of pointing just to the original domain LDAP lookup. To add to this, we would like to try to streamline this operation instead of creating more work for the original domain admins. So, is it possible for AD to automatically replicate new users and deletes up to LDS instead of that always having to be done manually?
So we set the two domains in LDS, and then when new users are placed in any of the domains or removed, they will automatically be added or removed from LDS.
Again, this solution sounds like it would solve our SAP issue, but it also just sounds way too manual and creates a lot of admin overhead for whoever manages the LDS.
Thanks!