---
alias: operation-guide-multipledomains
description: "Configure Multiple Active Directory Domains for seamless integration within the system"
---
# Multiple Active Directory Domains Configuration

Critical Manufacturing MES supports multiple Active Directory domains. Enabling them takes three steps:

## Host configuration file

Set the fully qualified domain name (FQDN) of each domain in the `LDAPPATH` variable key of the `BusinessTier\Cmf.Foundation.Services.HostService.dll.config` file. As an example:

```xml
```

!!! info

    For more information on the variables, see the [[operation-guide-configurationfiles]] page.

## GUI Configuration entries

Set the configuration entries for each LDAP domain added to the host configuration file, specifically:

* `/Cmf/System/Configuration/LDAP/Credentials/[FQDN]/DisableCertificateValidation`
* `/Cmf/System/Configuration/LDAP/Credentials/[FQDN]/Port`
* `/Cmf/System/Configuration/LDAP/Credentials/[FQDN]/UseSSL`
* `/Cmf/System/Configuration/LDAP/Credentials/[FQDN]/UserName/`
* `/Cmf/System/Configuration/LDAP/Credentials/[FQDN]/UserPassword/`
* `/Cmf/System/Configuration/LDAP/Credentials/[FQDN]/Domain/`

!!! warning

    The full set of configuration entries must exist for each configured domain.

!!! info

    The configuration entry `/Cmf/System/Configuration/LDAP/Credentials/[FQDN]/Domain` for each domain is optional. When specified, the system reads the domain directly from the configuration during startup, which removes the need for LDAP queries to discover it.

The configuration entry `/Cmf/System/Configuration/LDAP/EnableMultipleDomain/` enables role synchronization across multiple domains. When activated, the system uses the user's domain context, automatically manages referrals, and searches for roles across all configured domains.

For more information, see [[system-configuration-entries]].

## Security Portal

For the Security Portal to interact with multiple domains, it must be configured with one Active Directory strategy per domain. To do this, add the additional entries to its `config.json` file, located at `/app/src/config.json` in the Security Portal container. An example is shown below:

```json
{
  "id": "ExampleFirstDomain",
  "type": "local-ActiveDirectory",
  "config": {
    "defaultDomain": "examplefirstdomain",
    "ldap": {
      "url": "ldap://examplefirstdomain.local",
      "base": "DC=examplefirstdomain,DC=local",
      "user": "EXAMPLEFIRSTDOMAIN\\messervice",
      "password": ""
    }
  }
},
{
  "id": "ExampleSecondDomain",
  "type": "local-ActiveDirectory",
  "config": {
    "defaultDomain": "exampleseconddomain.company.com",
    "ldap": {
      "url": "ldap://exampleseconddomain.company.com",
      "base": "DC=exampleseconddomain,DC=company,DC=com",
      "user": "EXAMPLESECONDDOMAIN\\mesadmin",
      "password": ""
    }
  }
}
```

!!! info

    It is not possible to configure more than one strategy through the DevOps Center.

!!! info

    For more information, see the [[operation-guide-security-portal-index]] page.
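
A consistency check for the strategy entries described in the Security Portal section, as an added example that is not part of the product or its documentation. It assumes the strategy objects have already been loaded from `config.json` into a Python list (the page does not show the enclosing structure); the function names, the finding labels and the third sample entry are hypothetical.

```python
from urllib.parse import urlparse

def dn_to_dns(base):
    """Join the DC= components of a base DN: 'DC=a,DC=b' -> 'a.b'."""
    pairs = (rdn.split("=", 1) for rdn in base.split(",") if "=" in rdn)
    return ".".join(v.strip().lower() for k, v in pairs if k.strip().upper() == "DC")

def lint_strategies(strategies):
    """Return (strategy id, finding) tuples for a list of strategy objects."""
    findings, seen_ids, seen_domains = [], set(), set()
    for s in strategies:
        sid = s.get("id", "<no id>")
        ldap = s.get("config", {}).get("ldap", {})
        url = urlparse(ldap.get("url", ""))
        host = (url.hostname or "").lower()
        domain = dn_to_dns(ldap.get("base", ""))
        if sid in seen_ids:
            findings.append((sid, "duplicate-id"))
        seen_ids.add(sid)
        # One strategy per domain is expected, so a repeated base DN usually
        # means an entry was copied and not fully edited.
        if domain in seen_domains:
            findings.append((sid, "duplicate-domain"))
        seen_domains.add(domain)
        if url.scheme == "ldap":
            findings.append((sid, "ldap-without-tls"))  # scheme does not request TLS
        elif url.scheme != "ldaps":
            findings.append((sid, "bad-url"))
        # The URL host must be the domain itself or a host inside it.
        if not domain or not (host == domain or host.endswith("." + domain)):
            findings.append((sid, "base-url-mismatch"))
    return findings

def make_strategy(sid, url, base):
    """Build a strategy object with only the fields the checks read."""
    return {"id": sid, "type": "local-ActiveDirectory",
            "config": {"ldap": {"url": url, "base": base}}}

# Constructed sample: the page's two strategies (credentials omitted) plus a
# hypothetical third entry copied from the first with only id and url changed.
SAMPLE = [
    make_strategy("ExampleFirstDomain", "ldap://examplefirstdomain.local", "DC=examplefirstdomain,DC=local"),
    make_strategy("ExampleSecondDomain", "ldap://exampleseconddomain.company.com", "DC=exampleseconddomain,DC=company,DC=com"),
    make_strategy("ExampleThirdDomain", "ldap://examplethirddomain.local", "DC=examplefirstdomain,DC=local"),
]

if __name__ == "__main__":
    for sid, finding in lint_strategies(SAMPLE):
        print(f"{sid}: {finding}")
```

`ldap-without-tls` is reported for every `ldap://` URL because that scheme does not request TLS on its own; whether `ldaps://` can be used depends on the Security Portal and the domain controllers, which this page does not cover.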