Single Domain Environments
The simplest and easiest to configure in OVERLAPS, no special considerations need to be taken into account for these.
Forests with Multiple Domains
OVERLAPS supports multiple domain environments with a properly configured trust relationship. No special configuration is required to add this feature as OVERLAPS will automatically attempt to determine your domain trust relationships on startup, however there are a few points to consider.
Navigating Other Domains
By default, when populating Organizational Units, OVERLAPS will look to the root domain of the forest and from there discover any accessible child domains. However this can be modified from the Configuration Utility’s Settings tab by changing the “MultipleDomainPreference” value to the following:
0 = “RootFirst” (Default)
Seeks the root domain in the current Forest and then attempts to include child domains.
1 = “SingleDomainOnly”
Limits OVERLAPS to the domain that the server is in only. No attempt will be made to attempt to read any other domains in the Forest.
2 = “MemberFirst”
Selects the domain that the OVERLAPS server is a member of first, and then attempts to include any other domains in the current Forest (including the root if it is not the same).
Authentication
In “SingleDomainOnly” mode, user authentication is also limited to the current domain. Otherwise in a multi-domain environment, users will be prompted for their domain prior to logging in (or have to supply it in the form “domain\username” in the case of Windows Integrated Authentication).
Universal Groups are supported for user login, as are per-domain groups.
When adding a user or group in a multi-domain environment, the autosuggest mechanic will search all domains once you start typing and allow you to select from the found users.
Enabling/Disabling Individual Domains
If you are in a multi-domain environment but wish to stop OVERLAPS from talking to one or more of those domains, you can disable them individually from the Config -> Settings -> Active Directory section.
For more information, see Settings – Active Directory.
Cross Forest Trust Support
In version 2.2.0.0 support was added for authenticating users and groups from other Active Directory Forests with an appropriate trust relationship.
Note that it is still the case that only computers in the current forest can be managed.