One of our customers has multiple AD domains, organized by region across the world. There were sudden authentication issues in one of the domains (one region), and none of the users were able to log in to EBS using their SSO accounts. All the other regions were working as expected.
Immediately, we looked at the status of DIP in IDM and found that the particular domain was down and not reachable from the IDM servers.
Then we realized that one of the AD controllers had been decommissioned and DIP was not able to reach that particular server.
We got the new address for that controller and updated it in DIP, and it worked.
But authentication was still not going through in that region. Later, we found an issue with ODSM.
There are bind and compare plugins available separately for that region in ODSM, which need to be updated with the new server address.
After updating ODSM, the authentication issue was resolved.
The best practice is to have a virtual address created for the domain controller and to update DIP and ODSM with it, to avoid the issue described above.
Happy learning.