When Active Directory is deployed as a multi-domain configuration, the recommended integration type is IWA (Integrated Windows Authentication).
vIDM supports IWA when there is a two-way trust between every child domain and its parent domain.
Requirements: a connector joined to the domain, and a bind user in any one of the child domains.
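Before clicking through the wizard, it is worth confirming the two requirements above from a domain-joined admin workstation. The following PowerShell script is an added example, not part of the original post: it walks the forest, checks that each child domain has a two-way trust with its parent, and verifies that the bind account exists and is usable in the child domain that holds it. It assumes the ActiveDirectory RSAT module is installed; the bind domain and account name are placeholders to replace with your own values.

```powershell
# Added example, not part of the original post: checks the two prerequisites the
# post lists for IWA in a single-forest, multi-domain setup, namely a two-way trust
# between every child domain and its parent, and a usable bind account in one of
# the child domains. Assumes the ActiveDirectory RSAT module is installed and the
# shell runs as an account that can read the forest. The bind account values are
# placeholders; replace them with your own.
Import-Module ActiveDirectory

$BindDomain = 'child.corp.example'   # placeholder: child domain holding the bind user
$BindUser   = 'svc-vidm-bind'        # placeholder: sAMAccountName of the bind user

function Test-IwaTrustPrerequisites {
    $forest       = Get-ADForest
    $rootDomain   = $forest.RootDomain
    $childDomains = $forest.Domains | Where-Object { $_ -ne $rootDomain }
    $findings     = @()

    foreach ($child in $childDomains) {
        # Each non-root domain has a parent; the trust object is read from the
        # parent's side so grandchild domains are checked against their own parent.
        $parent = (Get-ADDomain -Server $child).ParentDomain
        $trust  = Get-ADTrust -Filter * -Server $parent | Where-Object { $_.Target -eq $child }

        if (-not $trust) {
            $findings += "FAIL: no trust object from $parent to $child"
        } elseif ($trust.Direction -ne 'BiDirectional') {
            $findings += "FAIL: trust $parent -> $child is $($trust.Direction), not BiDirectional"
        } else {
            $findings += "OK:   two-way trust $parent <-> $child"
        }
    }
    return $findings
}

function Test-IwaBindAccount {
    param([string]$Domain, [string]$SamAccountName)

    # The bind user must exist in one of the child domains; also surface a
    # disabled or expired account before the directory sync starts failing.
    $acct = Get-ADUser -Identity $SamAccountName -Server $Domain `
                -Properties PasswordNeverExpires, PasswordExpired -ErrorAction SilentlyContinue

    if (-not $acct)                      { return "FAIL: $SamAccountName not found in $Domain" }
    if (-not $acct.Enabled)              { return "FAIL: $SamAccountName in $Domain is disabled" }
    if ($acct.PasswordExpired)           { return "FAIL: password for $SamAccountName has expired" }
    if (-not $acct.PasswordNeverExpires) { return "WARN: $SamAccountName has an expiring password; plan the rotation in the connector" }
    return "OK:   bind account $Domain\$SamAccountName is enabled"
}

Test-IwaTrustPrerequisites
Test-IwaBindAccount -Domain $BindDomain -SamAccountName $BindUser
```

Any FAIL line means the IWA directory will not be able to reach that domain (or bind at all), so resolve it before the Save & Next step that joins the connector; the WARN on an expiring bind password is a reminder that the stored credential in the connector must be updated whenever the account's password changes.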
Follow the steps below to configure IWA for the directory integration.
In the admin console, click Identity & Access Management and then click Add Directory.
Give the directory a name and select IWA (the second option).
Scroll down for more options. If policy requires LDAP over SSL only, select those options and provide the SSL certificate from the domain controller. Because this is a single forest with multiple domains, if the domains use different certificates, all of the root certificates must be added here.
We are not using SSL here, so leave it unchecked and provide the domain name, a domain administrator username and password, and the bind user details and password, then click Save & Next.
At this step the connector is joined to the domain and binds to all child domains.
Click Save & Next; the root domain is listed together with all child domains. Select all of them and click Next.
Keep the default selection on the Attributes page and click Next.
On the Groups page, specify the DNs of the groups to be synced into vIDM and click Next.
On the Users page, specify the locations of the users to be synced from Active Directory. Locations should be specified from the root domain and all child domains.
Review the directory sync settings and click Sync Directory.
The sync takes some time depending on the number of users and groups to be synced.
Verify that the new directory appears under Identity & Access Management.
This is how Active Directory for a single forest with multiple domains is added using the IWA option.