Note: This is a rough draft of the blog. Please excuse the typos and English.

1   INTRODUCTION

This document explains how to configure multi-domain support on the Netscaler (NS), Appcontroller (AppC) and MDM.
Multi-domain support works when the Netscaler and Appcontroller components are integrated together.
If we want the feature to work in the MDM, then Appcontroller and MDM must be integrated with the “Nested option” disabled at the MDM.
These configurations are explained in detail in the following sections:

2   Netscaler

1. Log in to Netscaler
2. Enter username and password


3. Click on Virtual server and click on Netscaler_Gateway


4. Wait until the applet loads


5. Now click on the Authentication tab
   a. By default it shows a single domain, Managed.

6. Add an additional domain to configure multiple domains
   a. Click on Insert Policy –> New Policy


7. Specify
   a. Name – Secondary Auth server
   b. Authentication type – LDAP
   c. Under Server click on “New”
   d. Under Named Expressions
      i. Select General
      ii. Select “True value”
      iii. Click on Add Expression
   e. Click on Create
   f. Screenshot on the next page


8. After creating the policy you will see the following page:


9. Click on the default (first) authentication server, Managed
10. Make the following changes:
   a. Change the Server Logon Name Attribute to userPrincipalName
   b. Make sure the SSO Name Attribute is blank
   c. Click on “OK”


11. Follow the same procedure for the second authentication server.
12. Now click on Policies, then click on the profile of each policy and set the following:

13. Click on Published Applications
   a. Remove the value from Single Sign-on Domain.


14. Follow the same for the rest of the policies.
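
The settings from steps 10 to 14 can be verified against a saved Netscaler configuration instead of clicking through every policy. The script below is an added example, not part of the original post: it assumes the GUI fields correspond to the -ldapLoginName, -ssoNameAttribute and -ntDomain parameters in ns.conf, and the sample configuration lines and object names are constructed.

```python
import shlex

# Constructed sample ns.conf lines; parameter names are the assumed CLI equivalents of the GUI fields.
SAMPLE_CONF = """\
add authentication ldapAction Managed -serverIP 192.0.2.10 -ldapBase "dc=corp,dc=example" -ldapLoginName userPrincipalName
add authentication ldapAction Secondary -serverIP 192.0.2.20 -ldapBase "dc=lab,dc=example" -ldapLoginName sAMAccountName -ssoNameAttribute sAMAccountName
add vpn sessionAction AC_OS_prof -ntDomain corp.example -homePage "https://appc.example/"
add vpn sessionAction AC_WB_prof -homePage "https://appc.example/"
"""

def parse_options(tokens):
    """Turn ['-key', 'value', ...] into {key: value}; a bare flag maps to ''."""
    opts, i = {}, 0
    while i < len(tokens):
        if not tokens[i].startswith("-"):
            i += 1
            continue
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i][1:].lower()] = tokens[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return opts

def audit(conf_text):
    """Return (object name, problem) pairs; a later 'set' line overrides the 'add'."""
    objects = {}
    for line in conf_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: skip the line
        if len(tok) < 4 or tok[0].lower() not in ("add", "set"):
            continue
        kind = (tok[1] + " " + tok[2]).lower()
        if kind in ("authentication ldapaction", "vpn sessionaction"):
            objects.setdefault((kind, tok[3]), {}).update(parse_options(tok[4:]))
    findings = []
    for (kind, name), opts in objects.items():
        if kind == "authentication ldapaction":
            if opts.get("ldaploginname", "").lower() != "userprincipalname":
                findings.append((name, "ldapLoginName is not userPrincipalName"))
            if opts.get("ssonameattribute"):
                findings.append((name, "ssoNameAttribute is not blank"))
        elif opts.get("ntdomain"):
            findings.append((name, "Single Sign-on Domain (ntDomain) is set"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_CONF):
        print(f"{name}: {problem}")
```

An empty result means every LDAP server and session profile in the file matches the settings described above.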

3   App Controller

1. Log in to Appcontroller with proper credentials


2. Click on Settings


3. Click on Active Directory
4. Click on the Add button


5. Add the new authentication server


6. Click on Sync and you will see the status as RUNNING


7. Once the sync is complete, your setup on the AppC for multiple domains is done

8. Go to Settings – Deployment tab.

9. Make sure the callback URL is not configured

4   MDM

1. Log in to the MDM console with proper credentials


2. Click on Option –> LDAP Configurations
3. Remove “Default” by selecting the domain and then clicking on “Undefined default”.


4. Click on New and add the AD details
5. Select LDAP if the port is 389, else select LDAPS for port 636


6. Click on Next and add the following details:
   i. Select search by user as “userPrincipalName”
   ii. Don’t check the “support nested group” option. If it is checked, uncheck it
   iii. Click on Check
   iv. Click on Next


7. Click on OK


8. Click on Next


9. Click on Next and add the groups
   a. Domain Users, and select the role Users
   b. Domain Admin, and select the role Administrator
   c. Click on Next and click on FINISH

10. Once finished, the secondary domain is added in the MDM.