Administrator Guide

If you need to authenticate users belonging to multiple AD forests or domains in your network, and there is no
trust relationship between these entities, then you must join CPPM to each of these untrusted forests or
domains.
CPPMdoes not require to join multiple domains belonging to the same ADforest because a one-way trust
relationship exists between those domains. In this case, CPPMcan join the root domain.
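The join rule above can be worked through for a whole domain inventory. The following Python sketch is an added example, not part of the product or of this guide. It groups domains by forest and by listed trust, then returns one root domain to join per group. The domain names, the inventory layout, and the plan_joins helper are constructed for illustration, and it assumes that any listed trust is sufficient for authentication across it (trust direction is not modeled).

```python
from collections import defaultdict

# Constructed sample inventory: domain -> root domain of its AD forest.
DOMAINS = {
    "corp.example.com": "corp.example.com",
    "emea.corp.example.com": "corp.example.com",
    "apac.corp.example.com": "corp.example.com",
    "lab.example.net": "lab.example.net",
    "partner.example.org": "partner.example.org",
    "dev.partner.example.org": "partner.example.org",
}
# Constructed sample: trusts between forests (assumption: direction ignored).
CROSS_FOREST_TRUSTS = [("corp.example.com", "lab.example.net")]


def plan_joins(domains, trusts):
    """Return {root domain to join: sorted list of domains it covers}."""
    parent = {d: d for d in domains}

    def find(d):
        # Union-find lookup with path halving.
        while parent[d] != d:
            parent[d] = parent[parent[d]]
            d = parent[d]
        return d

    # Domains in the same forest are already linked through the forest root.
    for domain, root in domains.items():
        if root not in domains:
            raise ValueError(f"forest root {root!r} missing from inventory")
        parent[find(domain)] = find(root)
    # Forests with a trust between them fall into one group.
    for a, b in trusts:
        if a not in domains or b not in domains:
            raise ValueError(f"trust references unknown domain: {a!r}, {b!r}")
        parent[find(a)] = find(b)

    groups = defaultdict(list)
    for d in domains:
        groups[find(d)].append(d)

    plan = {}
    for members in groups.values():
        # Join a forest root; pick the first by name so the plan is stable.
        root_to_join = sorted({domains[m] for m in members})[0]
        plan[root_to_join] = sorted(members)
    return plan


if __name__ == "__main__":
    for join, covered in plan_joins(DOMAINS, CROSS_FOREST_TRUSTS).items():
        print(f"join {join}: covers {', '.join(covered)}")
```

Each key in the result is a domain that needs its own Join Domain operation. Removing the trust entry makes lab.example.net a separate join.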
CPPM can join or leave an AD domain by using the following two buttons in the System tab of the Server
Configuration page:
• Join Domain: Click this button to join this CPPM appliance to an Active Directory domain. Password
  servers can be configured after Policy Manager is successfully joined. For more information on adding a
  password server, see Add Password Server on page 408.
• Leave Domain: If the server is already part of multiple AD domains, click this button to disassociate this
  Policy Manager appliance from an Active Directory domain.
For most use cases, if you have multiple nodes in the cluster, you must join each node to the same Active Directory
domain.
The following figure displays the Join AD Domain window:
Figure 382: Join AD Domain
Dell Networking W-ClearPass Policy Manager 6.5 | User Guide Administration | 407