Multi-domain configuration

Using a Specops uReset installation in multiple domains is supported in limited scenarios.

The domain where the Gatekeeper is installed is considered the system domain. You can add Active Directory scopes to allow users from other domains to sign in and reset their passwords. Users from other domains can also be managed from the Helpdesk pages.

Multi-domain support is limited by the following requirements:

  • The system domain is defined by where the Gatekeeper is installed
  • System admins must be in the system domain
  • Helpdesk users must be in the system domain
  • The non-system domains must be trusted by the system domain
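
A pre-check for the trust requirement above, as an added example (not part of the Specops documentation or tooling). It assumes the RSAT ActiveDirectory PowerShell module is available; the function name and the domain names are placeholders.

```powershell
# Added example: verify that each non-system domain is trusted by the system domain.
# Assumption: run with read access to the system domain; domain names are placeholders.
Import-Module ActiveDirectory

function Test-TrustedBySystemDomain {
    param(
        [Parameter(Mandatory)] [string]   $SystemDomain,   # domain where the Gatekeeper is installed
        [Parameter(Mandatory)] [string[]] $OtherDomains    # domains whose users should sign in
    )

    # Trust objects stored in the system domain: one per domain it has a direct trust with.
    $trusts = Get-ADTrust -Filter * -Server $SystemDomain

    foreach ($domain in $OtherDomains) {
        $trust     = $trusts | Where-Object { $_.Name -eq $domain } | Select-Object -First 1
        $direction = if ($trust) { "$($trust.Direction)" } else { 'None' }

        [pscustomobject]@{
            Domain                = $domain
            DirectTrustFound      = [bool]$trust
            Direction             = $direction
            # Outbound or BiDirectional, seen from the system domain, means
            # the system domain trusts the other domain.
            TrustedBySystemDomain = $direction -in 'Outbound', 'BiDirectional'
        }
    }
}

# Example call with placeholder names:
# Test-TrustedBySystemDomain -SystemDomain 'corp.example.com' `
#     -OtherDomains 'child.corp.example.com', 'partner.example.net' | Format-Table
```

Only direct trust objects are listed, so a domain reached through a transitive trust reports `DirectTrustFound = False` and needs a manual check.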

To configure Specops uReset for a multi-domain scenario, complete the steps below:

  1. Ensure you have correctly installed Specops uReset. See Installation for more information.
  2. Register the child domain on the uReset Web from Settings > Domain names.
  3. From the Policies and Groups tab in the Gatekeeper Admin tool, add scopes for your child domain.
    • Under Active Directory Scopes, click Edit
    • Select Allow scopes to be outside the delegation root. Your child domain should appear.
    • From each child domain, add the OU that you want to add to the scope. The Gatekeeper delegation will happen automatically.
  4. Open the Group Policy Management Console and create a uReset policy in the child domain. Note: Linking uReset policies across domains is not supported. Each child domain must have its own uReset policy.
  5. Click New in the Policies row in the Gatekeeper Admin Tool.
    • The New Policy window will appear. From the domain drop-down, select the child domain.
      NOTE
      The child domains will only appear if there is a scope in the domain (as per step 2).
    • Configure the policy as desired.
  6. Configure the Authentication Client in the child domain. You will need to use the ADMX template to let clients in the child domains know about the Gatekeeper in the root domain:
    • URL overrides for enrollment/password reset/password change. You can copy the respective web URLs from the Specops uReset Administration tool.
    • Custom settings container. Copy the container path from the Policies and Groups tab from the uReset Administration tool.
    • Specify the setting container type as uReset.
