You can add a single domain controller host or multiple hosts when you register an Active Directory (AD).

You might configure multiple domain controller hosts to ensure redundancy and failover operations. If the primary domain controller that App Volumes Manager is connected to becomes unavailable, then App Volumes Manager can perform a failover and switch to a different host. This redundancy ensures that App Volumes users are unaffected by the downtime and can continue their operations without interruption.

You can select how App Volumes Manager detects domain controllers. Consider the following when you add domain controllers:

  • If you provide a list of domain controllers, App Volumes Manager looks for a domain controller only in that list. If all the domain controllers in the list are down, App Volumes Manager connects to the AD with the domain as the host, but it continues to try to connect to one of the domain controllers in the list every 5 minutes. This process slows down the system.

  • Connecting to a domain controller using the domain as the host works only with LDAP (insecure). The connection fails if you use LDAPS or "LDAP over TLS" with certificate validation.

  • If you do not provide a list of domain controllers, App Volumes Manager detects domain controllers automatically and also assigns a priority to them.

  • App Volumes Manager will search for and try to connect to domain controllers from the same site. Domain controllers from other sites are also added in order of binding time.

  • Do not include non-ASCII characters in the domain controller name.

  • Domain controllers in the same site always have higher priority than domain controllers from different sites.

You can view the list of domain controllers and their connectivity status under CONFIGURATION > AD Domains.
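The considerations above imply that a supplied list combined with LDAPS or LDAP over TLS has no fallback once every listed domain controller is down. The following sketch is an added example, not App Volumes code: it models only the behaviour this page describes, and the mode labels, function names and host names are hypothetical.

```python
"""Added example: models only the behaviour the page describes.

Mode labels, function names and host names are hypothetical,
not App Volumes identifiers.
"""
SECURE_MODES = {"ldaps", "ldap_over_tls"}  # assumed labels for the TLS options
MODES = SECURE_MODES | {"ldap"}            # "ldap" is the insecure option


def resolve_target(listed, reachable, domain, mode):
    """Host a Manager with a supplied DC list ends up bound to, or None."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if not listed:
        raise ValueError("automatic detection is outside this model")
    for host in listed:            # only the supplied list is searched
        if host in reachable:
            return host
    if mode == "ldap":             # all listed DCs down: domain used as host
        return domain
    return None                    # the same fallback fails under LDAPS / TLS


def check_plan(listed, mode):
    """Return (severity, message) findings for a planned registration."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    findings = [("error", f"{h!r} contains non-ASCII characters")
                for h in listed if not h.isascii()]
    if not listed:
        findings.append(("info", "no list: domain controllers are detected automatically"))
    elif mode in SECURE_MODES:
        scope = "the only listed DC is" if len(listed) == 1 else "all listed DCs are"
        findings.append(("warn", f"if {scope} down, the domain-as-host fallback fails"))
    else:
        findings.append(("warn", "fallback needs insecure LDAP; "
                                 "listed DCs are retried every 5 minutes"))
    return findings


if __name__ == "__main__":
    dcs = ["dc01.corp.example", "dc02.corp.example"]  # constructed host names
    for mode in ("ldap", "ldaps"):
        print(mode, "->", resolve_target(dcs, set(), "corp.example", mode))
        for finding in check_plan(dcs, mode):
            print("  ", finding)
```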

Refresh Domain Controllers

The list of available domain controllers is refreshed every 480 minutes (8 hours). Use the environment variable, TIME_TO_REFRESH_DOMAIN_CONTROLLERS, to change the default time of 8 hours. You must set the time in minutes.

NTLM Authentication

NTLM (NT LAN Manager) authentication is used to make the communication between App Volumes Manager and agent more secure.

Note:

Domain controller failover is not supported for NTLM-based authentication. If the first available domain controller is down, NTLM authentication fails. However, if the App Volumes agent logs out and logs in again, NTLM authentication succeeds because App Volumes Manager queries again for the first available domain controller.