Users from trusted forests/domains not resolving in ATA console - showing as unknown.

  • Question

  • We recently went through a user migration from a forest root domain into another external, trusted domain.

    Since doing so, if a user from the remote forest creates activity that triggers an event into ATA, the console seems unable to identify the user ID and displays this as an "unknown" entity.

    Given there is a two-way trust between the two forests, it should be relatively simple to resolve the name or the SID, but ATA seems unwilling to do so. Is the system coded simply to resolve users within the forest in which the gateway resides? Trying to work out where the limitation lies here and how we can potentially rectify the situation.

    Thank you in advance


    Tuesday, August 20, 2019 12:46 PM

All replies

  • You need to have full coverage of DCs with Gateways for detection anyway.

    If there are no GWs on the new domain, we won't sync AD info from there...

    We should be able to resolve entities on demand if they are available in a GC which is accessible to the GWs, but maybe they are not?

    Tuesday, August 20, 2019 1:24 PM
  • Hi Eli

    Is it possible to take the gateway installation software that is generated on the ATA portal, copy it over to a machine in another forest (with a trust) and install it? Would this work?

    We don't want another ATA service running in that forest as it would create more work to check events, and also it would likely suffer with the same problem of names/accounts not resolving.

    So maybe taking the source from the portal and installing it on trusted forest DCs would work? Is this a recommended solution?

    Thank you


    Tuesday, August 20, 2019 4:23 PM
  • In the original post it was mentioned that it is an additional trusted DOMAIN, not forest.

    In case of one forest with multiple domains, it should work: you can use one Center and install the same Gateway on all DCs in the forest, given there is trust.

    If it's a multi-forest scenario, then no, ATA does not support multi-forest.

    If you want to cover another forest, you need an additional Center, but it won't resolve the issue mentioned above, as those Centers won't "talk" to each other.

    The only way to fully support the multi-forest scenario is to go with AATP instead of ATA, as AATP was built to support multi-forest.


    Wednesday, August 21, 2019 11:21 AM