Authentication domains contain domain controllers that are required to authenticate user accounts over the infrastructure tunnel. Client domains configured in the Forefront UAG DirectAccess Configuration Wizard are automatically included as authentication domains.
Additional authentication domains must be added for the following:
- Domains containing user accounts that are not members of a Client domain. This enables a user from another domain, using a client computer enabled for Forefront UAG DirectAccess, to be authenticated with a domain controller in the user's domain.
- Domains containing management servers that require Kerberos authentication with the DirectAccess client and that are not included in the Client domains specified.
- The domain of the Forefront UAG DirectAccess server, if it was not included as one of the client domains.
To specify authentication domains
- In the Infrastructure Servers section of the wizard, on the Authentication Domains page, click Add. The Specify a Domain window appears.
  Note: Client domains specified on the Client domain page of the Forefront UAG DirectAccess Configuration Wizard are automatically added to the list of authentication domains and cannot be removed.
- Choose a domain from the domain tree and click Add. Repeat this operation for all the domains you want to add as authentication domains.
- To enter a domain that does not appear in the domain tree, under Type the domain name, type a domain name and click Add.
  Note: The wizard confirms that the domain exists before adding it to the list of authentication domains.
- When you have finished adding domains, click Close and then Next. The Management Servers page appears.