ryannewington
commented
3 weeks ago @milanbla yes it is supported to install AMS in domain (A) and access passwords in domain (B), provided there is at least a one-way trust that B trusts A.
Could you attach your UI log file, after browsing to the "Directory Configuration/Active Directory" tab, so we can see why its not appearing. Also perform an import as well so we can capture the details of the problem.
The log will be at C:\Program Files\Lithnet\Access Manager Service\logs\access-manager-ui.log
milanbla
Manage LAPS of other domains. We have installed Lithnet Access Manager on a server in domain (A) during the testing phase, where Windows LAPS is deployed. Everything seems functional. We would like to manage the passwords of servers from other domains as well. These are domains that have a one-way, non-transitive trust towards domain (A). I attempted to set up management with domain (B), which uses legacy Microsoft LAPS. I added the Lithnet service account from domain (A) to the following groups in domain (B): • Windows Authorization Access • Access Control Assistance Operators • Pre-Windows 2000 Compatible Access Additionally, I ran the 'Delegate LAPS Permissions' script in domain (B), which is provided by LAMS under the Active Directory\Microsoft LAPS tab. The script successfully delegated security permissions for the Lithnet service account. The good news is that other domains are visible in the Authorization rules\Computers tab in LAMS and can be browsed. I was hopeful that domain (B) would appear in the Directory Configuration\Active Directory tab. Unfortunately, it did not appear. I also tried importing authorization rules from OUs of the domain (B), but the discovery ended with the error: "The object (SID) was not found in the global catalog." My question is: Is it possible to deploy LAM in the configuration I described, meaning a single LAMS server managing the existing domain (A) while also administering other trusted domains that are not in the same forest as domain (A)?
Thank you in advance for your reply