How to configure an additional domain in ADSelfService Plus

Objective

This article provides concise instructions on adding additional domains in ADSelfService Plus. Integrating multiple domains enables administrators to manage self-service password resets, account unlocks, and authentication policies across different AD environments.

Steps to follow

  1. Log in to the ADSelfService Plus admin console with the default admin account.

  2. Click Domain Settings located in the top left corner.

  3. Click on the Add New Domain button.

  4. Enter the domain name of the second domain.

  5. Click the Discover button to auto-detect domain controllers.

  6. If domain controllers are not automatically discovered, manually add them by entering their details in the Add Domain Controllers field.

  7. Enable the Authentication checkbox and provide the necessary credentials with sufficient privileges to manage the domain.

  8. Click Save to apply the configurations.

Validation and confirmation

  • Ensure the newly added domain appears under Domain Settings in ADSelfService Plus.

  • Confirm that ADSelfService Plus can communicate with the domain controllers of the second domain by verifying firewall rules and RPC connectivity.


Troubleshooting tips

If you encounter issues while configuring additional domains, ensure that you have followed these steps:

  • Log in using the default admin account. The option to add a second domain is not visible when you are logged in with any other account.

  • Verify that the ADSelfService Plus application is installed and running.

  • Verify that the AD-related ports listed below are open between the ADSelfService Plus server and the domain controllers of the second domain.

Port          Protocol   Service
53            TCP/UDP    Domain Name System (DNS)
88            TCP/UDP    Kerberos authentication
123           UDP        Windows Time service (W32Time)
135           TCP        RPC Endpoint Mapper
389           TCP/UDP    Lightweight Directory Access Protocol (LDAP)
445           TCP        Server Message Block (SMB)
464           TCP/UDP    Kerberos password change
636           TCP        LDAP over SSL
3268          TCP        Global Catalog LDAP
3269          TCP        Global Catalog LDAP over SSL
49152-65535   TCP        RPC dynamic ports

Why are RPC dynamic ports required?

  • Remote Procedure Call (RPC) is used for remote management and AD replication between domain controllers.

  • ADSelfService Plus communicates with domain controllers via the RPC Endpoint Mapper (port 135), which assigns dynamic ports from the range 49152-65535 for subsequent connections.

  • These dynamic ports are necessary for AD-related queries, user authentication, and group policy updates.

  • If RPC dynamic ports are blocked, ADSelfService Plus may fail to retrieve domain information or authenticate users against the second domain.
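The following script is an added example for checking the port table and the RPC dynamic port behaviour described above; it is not part of this article or of ADSelfService Plus. It assumes Windows PowerShell 5.1 on the ADSelfService Plus server, placeholder domain controller names in $DomainControllers, and an account with WMI rights on the domain controllers. Test-NetConnection probes TCP only, so the UDP side of DNS, Kerberos, NTP and LDAP is not exercised. Because the Endpoint Mapper hands out a port from 49152-65535 at connection time, no single port probe can prove that range is open; a DCOM-based WMI query travels exactly that path (135, then a dynamic port), so its success or failure is used as the dynamic port check.

```powershell
# Added example, not code from the ManageEngine article. Checks reachability from the
# ADSelfService Plus server to each DC of the second domain on the ports the article lists.
# $DomainControllers holds placeholder names; replace them with the real DCs.
$DomainControllers = @('dc1.second.example', 'dc2.second.example')

# Fixed TCP ports from the article's table. Test-NetConnection only tests TCP, so the
# UDP side of DNS (53), Kerberos (88/464), W32Time (123) and LDAP (389) is not covered.
$Ports = [ordered]@{
    53   = 'DNS'
    88   = 'Kerberos authentication'
    135  = 'RPC Endpoint Mapper'
    389  = 'LDAP'
    445  = 'SMB'
    464  = 'Kerberos password change'
    636  = 'LDAP over SSL'
    3268 = 'Global Catalog LDAP'
    3269 = 'Global Catalog LDAP over SSL'
}

$Results = foreach ($dc in $DomainControllers) {
    foreach ($port in $Ports.Keys) {
        # -WarningAction hides the ping warning when ICMP is filtered but TCP is open.
        $test = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Port             = $port
            Service          = $Ports[$port]
            Reachable        = $test.TcpTestSucceeded
        }
    }
}

$Results | Format-Table -AutoSize

# Any row with Reachable = False is a firewall or routing gap to fix before re-running Discover.
$Blocked = $Results | Where-Object { -not $_.Reachable }
if ($Blocked) { Write-Warning "Blocked ports:`n$($Blocked | Out-String)" }

# RPC dynamic ports: a DCOM WMI call first contacts the Endpoint Mapper on 135 and is then
# redirected to a port from 49152-65535, so a successful call shows the range is reachable.
# Assumes the running account has WMI rights on the DC; Get-WmiObject exists in Windows
# PowerShell 5.1 (not in PowerShell 7).
foreach ($dc in $DomainControllers) {
    try {
        $null = Get-WmiObject -Class Win32_ComputerSystem -ComputerName $dc -ErrorAction Stop
        "RPC Endpoint Mapper and a dynamic port are reachable on $dc"
    } catch {
        "RPC dynamic port test failed on $dc : $($_.Exception.Message)"
    }
}
```

If the fixed ports pass but the WMI call fails with an RPC server unavailable error, the Endpoint Mapper is reachable while the dynamic range is filtered, which is the situation the last bullet above describes.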

How to reach support

If the issue persists, contact our support team here.
