Implementing a second managed domain / configuring a replacement server

Question

Our Adaxes server is currently used to manage only one hybrid domain. We're looking to add a second (AAD / cloud only) managed domain, but our existing Adaxes instance was never configured with that in mind.

When I added the second managed domain as a test, all of our existing roles, business rules, etc. included the new domain in their scope, and our help desk users were able to perform actions against users in the new domain immediately, which we do not want.

It seems like it would take considerable effort to exclude the new domain from all the existing items and retrofit everything to support two managed domains with different requirements (security roles and such).

My thought was that I'd instead take this opportunity to spin up a second server on a trial license, configure Adaxes again from scratch with support for multiple domains in mind, then move our license to the new server when we're ready to cut over.

Is this an allowable use case for a trial license?

Can two independent Adaxes instances manage the same domain (so the new server can be configured without impacting functionality on the existing server)?

Is there a better way to add a second managed domain to our existing server and configure it "behind the scenes" without that domain and its objects being visible to our users immediately?

Thanks.

Answer 1

Hello,

Is this an allowable use case for a trial license?

Yes, it should work just fine.

Can two independent Adaxes instances manage the same domain (so the new server can be configured without impacting functionality on the existing server)?

Yes, sure. You can have multiple separate instances of Adaxes service managing the same domain and not impacting each other.

Is there a better way to add a second managed domain to our existing server and configure it "behind the scenes" without that domain and its objects being visible to our users immediately?

The two approaches you mentioned are the only ones. There is just no other way except for adjusting the corresponding scopes. At the same time, rather than starting from scratch on the new server, you can back up/restore your configuration, remove all the scopes and assignments from Adaxes configuration objects (security roles, business rules, etc.) and proceed with configuring them according to multiple domains management.

Comments

Will restoring server 2 from server 1's backup interfere with server 1's license, or will server 2 still have a trial license for 30 days after the restore?

---

Hello,

Licenses are not included in Adaxes backups. As such, the restore will not have any influence on the corresponding Adaxes instance licensing.

---

Thanks.

Assuming we go this route and server 1 continues to be used while server 2 is being configured, would there be any way to migrate records of actions/approvals that occurred on server 1 between when the backup was taken and when we cutover to using server 2? Or would we be stuck with that gap in our logs?

---

Hello,

Unfortunately, there is no way to transfer log records without a full replace of the existing ones. The only option is to directly configure both services to use an external MS SQL database: https://www.adaxes.com/help/EnableExternalDatabaseLogging. However, you will see log records from both services when connected to either of them while they are both in place.

As for approval requests, you can try using the steps from section How do I transfer pending approval requests of our installation guide: https://www.adaxes.com/help/InstallationGuide/#transfer-pending-approval-requests.