When attempting to view membership in an Active Directory group from Permissions analysis results, the following message displays:
Group: [group-name] Cannot connect to the domain controller for domain
A trust relationship between the domain or forest that hosts the Active Directory group and the domain or forest in which ControlPoint is installed does not exist or requires additional authentication.
If you want to be able to view members of Active Directory groups in another domain or forest when analyzing users and permissions, one of the following trust relationships must exist:
The Manage Forest Access feature lets you specify the account credentials that ControlPoint will use for authentication whenever it needs to retrieve Active Directory group members in a forest with which it has a one-way outgoing trust relationship. The account ControlPoint uses for authentication must have a minimum of Read access to the other forest. As an added security measure, ControlPoint encrypts these credentials using the Advanced Encryption Standard (AES) algorithm before they are stored.
Note that if your environment uses a one-way trust relationship and you do not configure ControlPoint to manage forest access, ControlPoint can still report on permissions granted to users and groups in other domains, but you cannot expand Active Directory groups to view their membership in those domains.
To access the Manage Forest Access feature, perform any of the following:
To manage access to domains and forests with one-way outgoing trusts: