Thanks Guido (and others) It looks like the UPN and/or domain\userid approach with user education is going to be the way forward. It would be nice to collapse ForestB to a single domain infrastructure, but it won't happen any time soon. :-)
Tony -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Saturday, 15 July 2006 2:42 a.m. To: [email protected] Subject: RE: [ActiveDir] Forest trust - domain drop down list yes Tony, this is standard behaviour - you'll only "see" domains that are directly trusted. Trust type doesn't matter. Even though a forest trust will be transitive to all child domains by default, you'll have to use UPN to authenticate to a child domain. Which is another reason why empty placeholder roots don't really make an administrator's life easier... The challenges continue for viewing objects of a trusted child-domain accross a forest trust in the object picker - afaik, it will also just show you the root domain (but you can find objects in the child by searching the GC...) if you put in a normal external trust between your DomB and the DomA2, you'll lose the benefit of kerberos authentication from your forest trust (when choosing DomA2 in the logon window). If that's ok for you, this is a solution, but then you might as well get rid of the forest trust... /Guido -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Freitag, 14. Juli 2006 05:54 To: [email protected] Subject: [ActiveDir] Forest trust - domain drop down list Here's the scenario Forest trust between ForestA and ForestB. ForestA has two domains DomA1 (placeholder root) and DomA2 ForestB has one domain DomB Users from DomA2 sometimes log into DomB member machines. DomA2 is not shown in the drop-down list of domain names in the login dialog. DomA1 is shown. Users from DomB sometimes log into DomA2 member machines. DomB is not shown in the drop-down list of domain names ni the login dialog. Is it normal behaviour for the drop-down list not to show all the domains with trusts (including those that are transitive via the forest trust)? If so, is there any way to change the behaviour? The users can obviously login using UPN, but they are not used to doing this and there is talk of putting in an explicit domain trust between DomA2 and DomB simply to get around this. Ugh. Tony List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
