Expand my Community achievements bar.

LiveCycle and Active Directory resilience

Avatar

Former Community Member
7/1/13 7:26:02 AM

Hi, I am an Active Directory administrator with a minimal knowledge of Adobe LiveCycle (sorry!)

Our Organisation has purchased a product that uses Adobe LiveCycle for user authentication and management and the third party company implementing it were responsible for synchronising LiveCycle with our Active Directory. We required the third party to provide resilience as the product is a crucial line-of-business application, which they did by configuring LiveCycle to synchronise against two of our Domain Controllers.

The two Domain Controllers are on seperate sites (which is good practice for resilience) but what it appears is happening is that LiveCycle is synchronising the users' details from the first Domain Controller (DC1), then overwriting it with the details from the second (DC2). As DC2 is in a seperate site, there is up to a 15 minute delay between a change being made to DC1 and that change being replicated to DC2.

What was happening in practice was that the administration staff were adding a user to the Active Directory group that grants access to the product, triggering a synchronisation of LiveCycle with Active Directory and the group membership was overwritten by the details on DC2.

Is there any way of configuring LiveCycle to have a list of Active Directory Domain Controllers which it will attempt to connect to in sequence until it finds one that will respond?

Many thanks!

Views

1.6K

Replies

3

Total Likes

Translate
Translate
3 Replies

Avatar

Former Community Member
7/2/13 11:27:50 AM

From what I understand, you would have to create some kind of proxy yourself and then create this single proxy as your enterprise domain. As you've experienced, adding two enterprise domain servers will basically have LiveCycle create two separate repositories with duplicate users & groups throughout the system.

Views

442

Replies

0

Total Likes

Translate
Translate

Avatar

Former Community Member
7/3/13 1:28:15 AM

Is there any way of suggesting this as a feature request to Adobe? It's not uncommon for applications that are not Active Directory-aware, but which use AD for authentication to be able to be configured to use redundant Domain Controllers.

Active Directory Domain Services are not able to be clustered or load-balanced; resilience is provided by having multiple Domain Controllers that replicate the directory amongst themselves.

Thanks for your help; DamionD

Views

359

Replies

0

Total Likes

Translate
Translate

Avatar

Employee
Employee
7/3/13 11:14:40 PM

Hi Damion,

As far as I understand, you are adding two Directory providers in a single LiveCycle domain. One of the directory provider (DC2 and which has a 15 minute delay) overrides the user/groups added by the other. Currently, there is no support in LiveCycle to add a failover domain controller. You can contact Adobe support and they help you file a feature request.

Temporarily, you may delete DC2 directory provider from the domain to prevent this but that would not give you any failover advantage.

Thanks,

Neerav

Views

540

Replies

0
Sign in to like this content

Total Likes

Translate
Translate