Specifying authentication domains in SP1

Published: October 21, 2010

Updated: February 1, 2011

Applies To: Unified Access Gateway

Authentication domains contain domain controllers that are required to authenticate user accounts over the infrastructure tunnel. Client domains configured in the Forefront UAG DirectAccess Configuration Wizard are automatically included as authentication domains.

Additional authentication domains must be added for the following:

  • Domains containing user accounts that are not members of a Client domain. This enables a user from another domain, using a client computer enabled for Forefront UAG DirectAccess, to be authenticated by a domain controller in the user’s domain.

  • Domains that contain management servers requiring Kerberos authentication with the DirectAccess client, and that are not included in the specified Client domains.

  • The domain of the Forefront UAG DirectAccess server, if it was not included as one of the client domains.

  1. In the Infrastructure Servers section of the wizard, on the Authentication Domains page, click Add. The Specify a Domain window appears.

    Client domains specified on the Client domain page of the Forefront UAG DirectAccess Configuration Wizard are automatically added to the list of authentication domains and cannot be removed.

  2. Choose a domain from the domain tree and click Add. Repeat this operation for all the domains you want to add as authentication domains.

  3. To enter a domain that does not appear in the domain tree, under Type the domain name, type a domain name and click Add.

    The wizard confirms that the domain exists before adding it to the list of authentication domains.

  4. When you have finished adding domains, click Close and then Next. The Management Servers page appears.