Version Affected: All
When using Active Directory as a Datastore, if the domain name doesn't match the domain that the IdP is joined to, SecureAuth performs a SRV lookup for your connection string. This can result in attempts to connect to DCs that are located on suboptimal network paths
SRV lookup for all LDAP servers at that FQDN without specifying a site means that you can connect to any server in your AD.
Modify the Connection String to make SecureAuth connect to a local DC based on the site you specify. As long as there are multiple DCs in that site, you'll still have failover.
1. Open the SecureAuth admin console
2. Modify the Datastore Connection string.
For example if your connection string is currently
and you wanted to connect to DCs in your site called "wood" the connection string becomes
3. Save these changes and test the connection.
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.