Overview
This article provides information about the interaction between Archiver and multiple domains in an Active Directory environment.
Description
Archiver uses the service account (GFI Archiver Attendant Service) and its permissions to access the domain and the Active Directory in that domain. With those domain permissions, Archiver can detect users from multiple domains, as long as the domains belong to the same forest and are in parent-child relationships. The service account must be in the parent domain to have access to both the parent and the child domain.
For Archiver to work in an Active Directory forest environment and archive email for users in more than one Active Directory domain in the forest, ensure the following:
- The Active Directory domain where Archiver is installed has full access to the rest of the Active Directory domains in the forest. It needs to be installed on the highest forest node that needs to be accessed.
- To use Access Groups (Configuration > Access Control) you need to ensure that the groups you want to manage belong to the same Active Directory domain where Archiver is installed. It is recommended to use Domain Local and Universal security groups since only these types of security groups may contain accounts external to the domain.
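
The Access Group requirements above can be checked before the groups are assigned in Archiver. The following PowerShell is an added example, not GFI's own tooling: the function name `Test-ArchiverAccessGroup`, the `corp.example` domain and the sample groups are constructed for illustration, and the input objects are assumed to carry the same properties that `Get-ADGroup` returns.

```powershell
# Added example: audit candidate Access Groups against the two rules in the list above
# (same domain as Archiver; Domain Local or Universal security group).
function Test-ArchiverAccessGroup {
    param(
        [Parameter(Mandatory)] [string]   $ArchiverDomainDN,   # domain where Archiver is installed
        [Parameter(Mandatory)] [object[]] $Group               # objects shaped like Get-ADGroup output
    )
    foreach ($g in $Group) {
        $issues = @()
        # The group's domain is the run of DC= components in its distinguished name.
        $groupDomainDN = ($g.DistinguishedName -split ',' |
            Where-Object { $_ -match '^DC=' }) -join ','
        if ($groupDomainDN -ne $ArchiverDomainDN) {
            $issues += "group is in $groupDomainDN, not the Archiver domain"
        }
        if ("$($g.GroupCategory)" -ne 'Security') {
            $issues += 'not a security group'
        }
        # Global groups can only hold accounts from their own domain.
        if ("$($g.GroupScope)" -notin 'DomainLocal', 'Universal') {
            $issues += "scope $($g.GroupScope) cannot hold accounts from other domains"
        }
        [pscustomobject]@{
            Name   = $g.Name
            Usable = ($issues.Count -eq 0)
            Issues = $issues -join '; '
        }
    }
}

# Constructed sample input; the domain and group names are placeholders.
$sample = @(
    [pscustomobject]@{ Name = 'Archive-Auditors'; GroupCategory = 'Security'; GroupScope = 'Universal'
        DistinguishedName = 'CN=Archive-Auditors,OU=Groups,DC=corp,DC=example' }
    [pscustomobject]@{ Name = 'Archive-Legal'; GroupCategory = 'Security'; GroupScope = 'Global'
        DistinguishedName = 'CN=Archive-Legal,OU=Groups,DC=corp,DC=example' }
    [pscustomobject]@{ Name = 'Archive-EMEA'; GroupCategory = 'Security'; GroupScope = 'DomainLocal'
        DistinguishedName = 'CN=Archive-EMEA,OU=Groups,DC=emea,DC=corp,DC=example' }
)

Test-ArchiverAccessGroup -ArchiverDomainDN 'DC=corp,DC=example' -Group $sample |
    Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Test-ArchiverAccessGroup -ArchiverDomainDN (Get-ADDomain).DistinguishedName `
#     -Group (Get-ADGroup -Filter 'Name -like "Archive-*"')
```

With the sample input, only `Archive-Auditors` is reported as usable: `Archive-Legal` has Global scope and `Archive-EMEA` lives in a child domain rather than the domain where Archiver is installed.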