Ensuring reliable and secure access to privileged accounts is critical for MSP technicians managing client networks. In an environment with multiple DCs TechIDManager can support redundancy and offline resilience, giving your team options to maintain access even when parts of the network fail. There are a variety of ways that a forest, or the connection between DCs can fail, and TechIDManager Agent can be installed on multiple DCs to account for all of these.
By distinguishing username formats and OUs between primary and backup agents, you achieve a fault-tolerant and auditable configuration that guarantees technician access even during outages. You can even determine a select subset of techs that get backup accounts if you want.
This guide explains how to configure redundant domain agents across multiple domain controllers (DCs) without conflicts.
Background: Why Redundant Domain Agents Matter
- Technicians require uninterrupted access to client credentials.
- Outages can occur due to broken site-to-site connections, partial internet outages, or domain sync failures.
- Redundant agents ensure seamless failover and independent auditing of technician activity.
Primary Agent Configuration
|
1
|
Install the TechIDManager agent on the primary DC | |||
|
2
|
Use your standard username format and designate the correct organizational unit (OU) for accounts | |||
|
3
|
This DC acts as the authoritative source for technician accounts | |||
Backup Agent Configuration
|
1
|
Install another TechIDManager agent on a secondary (or additional) DC | |||
|
2
|
Set the username format to differentiate backup accounts (e.g., add {user}.{company}.backup or bg-{user}-{company}) | |||
|
3
|
Place these accounts in a separate OU from the primary accounts | |||
|
4
|
This ensures the agents do not conflict while still providing redundant access |
|||
Scaling Redundancy
- Deploy agents across as many DCs as needed.
- Each agent should follow the same principle: unique username format + dedicated OU.
- Create a standardized naming template for primary and backup accounts across environments.
- This approach provides both resilience and independent logging for audit purposes.
- This does not change your license count with TechIDManager.
Support
For help with setup or troubleshooting, reach out to our team at support@techidmanager.com
