The Okta AD agent isn't installed on domain controllers, per Okta recommendation. They are installed on separate VMs. I went through my screenshots of the install, and didn't see where I gave the agent a DC name, just the name of the domain. Anyone else have any thoughts? I tried turning verbose logging on the AD Agent but didn't see the info I was looking for.
The host server on which the Okta AD agent is installed must be a member of the same Windows domain of which your Active Directory users are members. During installation the setup will detect the domain name and integrate with that AD. During Del Auth the same AD domain is used for authenticating users.
I don't believe there is a log that directly tells you that. If you are looking for a specific case for a user, you would probably have to take your Okta AD agent log, find the entry for that time and user, and then compare with your DC logs for user login; then that could tell you which they used. It's a lot of manual work. I don't see anywhere in any logs that tells you directly though.
What is the behavior after you manually stop the Okta agent on the server for a DR test? When you bring the service back up, does it resume being the primary? If not, how do we 'switch back' the server we want to be the primary? We confirmed the IWA agent does have the correct primary.