AD properties in federated forest environment

[Simon Rogers]

Hi there.

We were previously two separate companies that have joined
by acquisition and have implemented a federated forest to
join the domains together.

Within AD we are trying to implement a proper
organisational structure but have run into a problem. We
are trying to set the manager property for each person,
but have a situation where the account for a persons
manager might be in the other domain. In other words,
DomainA\JSmith has a manager of DomainB\FBloggs.

Does anyone know if this is technically possible to
implement?

Regards

Simon Rogers
(remove vegetable and hyphens for real address)

 

[Joe Richards [MVP]]

I do not believe so. With DN stored attributes like manager the value has to be
a valid DN from the same forest. This is why groups use
foreignSecurityPrincipals to represent users from "trusted" domains. You would
have to cook up something similar, you may in fact be able to use fsp's as well
but I haven't tried it.

joe

 

[Chriss3 [MVP]]

If they are in same forest. if not, there is not way so far I know.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup

 

[Simon Rogers]

Joe

Thanks for the reply

Simon

-----Original Message-----
I do not believe so. With DN stored attributes like manager the value has to be
a valid DN from the same forest. This is why groups use
foreignSecurityPrincipals to represent users

from "trusted" domains. You would

 

[Simon Rogers]

Thanks Chris

Simon

-----Original Message-----
If they are in same forest. if not, there is not way so far I know.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"Simon Rogers" <[email protected]> skrev i meddelandet


.