In environments where you use an Active Directory-based central
store and have more than one domain controller, you can select the domain
controller to bind user configurations to when writing to the central store.
This binding scheme helps to reduce synchronization delays caused by
Active Directory replication. Such delays might occur in environments where
users access Single Sign-on in multiple Active Directory sites simultaneously.
During the discovery process available through the console, Single
Sign-on can discover every domain controller in your domain. You can then bind
user configurations that you created to a specific domain controller by
selecting that controller when you create a user configuration.
For example, you can require users to be bound to a domain
controller within their local network. After you specify a domain controller,
users are bound to that domain controller the next time they log on to Single
By default, users bind to any writeable domain controller until you
select a domain controller they must bind to. You can change the domain
controller setting at any time by updating the user configuration as needed
without losing user data integrity.
Note: When choosing a domain controller for binding, verify that the
resources available on the domain controller can accept the communication
traffic users generate when connecting to the domain controller during peak
If the specified domain controller is unavailable or offline, the
plug-in software uses the local store’s user data (that is, the user data
located on the user’s computer). If the domain controller is offline for a long
period of time (as defined by you), you can select the
Edit User Configuration task from the console
and choose another domain controller or the
Any writeable domain controller option.