Check additional UPN suffixes associated with the IPA realm on Active Directory side.
- Setup IPA Server per QA:Testcase_freeipav3_installation
- Setup additional domains associated with IPA realm per QA:Testcase_freeipav3_ad_realmdomains
- Setup Active Directory trust per QA:Testcase_freeipav3_ad_trust
During the process of establishing trust with AD, Active Directory domain controller will pull in information about additional domains associated with IPA realm. They can be seen in Active Directory UI for Domains and Trusts and should be first enabled to use.
Instruction below assumes Windows 2012 Server is in use. For Windows 2008R2 Server and below one shou
How to test
1. Log in into Active Directory domain controller as Administrator.
2. Open Active Directory Domain and Trusts
3. In the console tree, right-click the domain node for the AD.LAN domain, and then click Properties.
4. On the Trusts tab, click the IPA forest trust, and then click Properties.
5. On the Name Suffix Routing tab, under Name suffixes in the IPA forest, click the suffix to modify the routing status, and then click Edit.
6. In Existing name suffixes in IPA forest, click the suffix that you want to modify, and then click Enable or Disable.
7. Modify list of the domains on the IPA side:
# ipa realmdomains-mod --add-domain foobar1.ext
8. Click Refresh button on the Name Suffixes Routing tab
9. You should see foobar1.ext domain appearing there with Disabled status.
All the test steps should end with the above specified results.