Multiple Domains to Access Octopus

(jay.hollingsworth) #1

Goal: Access Octopus Deploy UI from 2 different domains with users spread across both domains in either one or the other.
Potential Roadblock: There can only be a one-way trust.
Question: Is this possible?

In preparation to migrate to another server, we have recently stood up a new domain (B) in addition to our existing domain (A). Octopus Deploy will be run from a server in Domain-B. Because we are not migrating our current users in Domain-A to Domain-B, the users in Domain-A will also need to be able to access Octopus. There can only be a one-way trust with Domain-A being able to connect to Domain-B. However, Domain-B will never be able to have access to Domain-A. How should we proceed in setting this up? Is it possible? What are our options?

(jay.hollingsworth) #2

Hi,

Will someone be able to look at this soon?

(Lawrence Wilson) #3

Hi Jay,
Thanks for reaching out. My apologies for the long delay in getting back to you on this one. I am looking into this right now and I will have a response for you shortly.

Kind regards,
Lawrence.

(Lawrence Wilson) #4

Hi Jay,
I apologise for the long delay in getting back to you. In order to help with your question, I have created a lab environment with your scenario in mind and I can confirm that this configuration will work for you, even if there is only a one-way trust between your two domains.

In order to set up this scenario, I also stood up a new domain called WILSONLAB in a new Active Directory forest and installed Octopus in that domain. After configuring DNS Conditional Forwarders and achieving end-to-end name resolution between WILSONLAB and OCTOPUSRND, I logged into OCTOPUSRND’s Domain Controller and configured a one-way trust.

One thing to note in this scenario is that you need to ensure that the Account which is running the Octopus Service is in the Domain for which the trust is incoming.

For example:
My Octopus server is installed in the domain: ad.wilsonlab.net
My domain ad.wilsonlab.net has an outgoing, External trust to ad.octopusrnd.com.
My OctopusDeploy service has Log On As: OCTOPUSRND\ODService1
My users are logging in from both WILSONLAB and OCTOPUSRND

I have attached some screenshots of my setup for confirmation. Please let me know if you need any further information. I am always happy to help.

Kind Regards,
Lawrence.

LoginPrimpt2.PNG

LoginProfile1.PNG

loginPrompt1.PNG

Service.PNG

Trust1.PNG
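
The service-account rule from post #4, as an added example that is not part of the original thread or Octopus's own tooling: a PowerShell function that classifies a service's Log On As value against the trusts seen from the server's domain. The function name, the `NetBiosName` field, the result strings and the sample objects are assumptions constructed here; on a real domain controller the trust directions would come from `Get-ADTrust`.

```powershell
# Added example. Trust objects are constructed; Direction is read from the
# viewpoint of the domain that hosts the Octopus server ('Outbound' means
# that domain trusts the other one).
function Test-ServiceAccountTrustPlacement {
    param(
        [Parameter(Mandatory)][string]   $ServerDomain,  # NetBIOS name of the hosting domain
        [Parameter(Mandatory)][string]   $LogOnAs,       # the service's "Log On As" value
        [Parameter(Mandatory)][object[]] $Trusts         # objects with NetBiosName, Direction
    )
    # Built-in and local accounts carry no domain identity to evaluate.
    if ($LogOnAs -match '^(LocalSystem|NT AUTHORITY\\.+|\.\\.+)$') {
        return 'NotADomainAccount'
    }
    # Only the DOMAIN\user form is handled; UPN-style names are reported as-is.
    if ($LogOnAs -notmatch '^(?<dom>[^\\.@]+)\\(?<user>.+)$') {
        return 'NotADomainAccount'
    }
    $accountDomain = $Matches['dom']

    if ($accountDomain -ieq $ServerDomain) {
        # The account sits in the trusting domain, so the other domain does not
        # trust it and it cannot authenticate there to look up those users.
        if ($Trusts | Where-Object Direction -eq 'Outbound') {
            return 'AccountInTrustingDomain'
        }
        return 'SameDomainNoOneWayTrust'
    }

    $trust = $Trusts |
        Where-Object { $_.NetBiosName -ieq $accountDomain } |
        Select-Object -First 1
    if (-not $trust) { return 'NoTrustForAccountDomain' }

    switch ($trust.Direction) {
        'Outbound'      { 'AccountInTrustedDomain' }  # the layout described in post #4
        'BiDirectional' { 'TwoWayTrust' }
        default         { 'TrustPointsWrongWay' }
    }
}

# Constructed sample mirroring post #4: trusts as seen from WILSONLAB.
$trusts = @([pscustomobject]@{ NetBiosName = 'OCTOPUSRND'; Direction = 'Outbound' })

# Service account in the trusted domain, as in the post.
Test-ServiceAccountTrustPlacement -ServerDomain 'WILSONLAB' -LogOnAs 'OCTOPUSRND\ODService1' -Trusts $trusts
# Hypothetical account in the server's own domain, for contrast.
Test-ServiceAccountTrustPlacement -ServerDomain 'WILSONLAB' -LogOnAs 'WILSONLAB\ODService1' -Trusts $trusts
```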

(jay.hollingsworth) #5

Thanks Lawrence! You were a tremendous help! I got it to work properly. Thanks again!

(system) closed #7