I have a interesting project that I'm working on and I believe I have hit a snag that is going to throw a big monkey wrench in the deal.
Here is what I have to work with. 2 domains in separate forests. Company.corp CustProj.corp I have created a one way trust that allows users from Company.corp to authenticate to users in CustProj.corp. Inside of CustProj.corp there are a number of servers that users can authenticate using Company.corp credentials. The rub is when a user is logging into server1.CustProj.corp using Company.corp credentials the authentication request goes to a DC in Company.corp. This I believe is by design from Microsoft but requirements for this project dictate that there cannot be authentication requests from [servers].CustProj.corp to any DCs at Company.corp. The hope was to have the DC at CustProj.corp relay the auth requests on behalf of the client. Is there anyway to force this? Am I missing something that I can set this? Any ideas or third party products that might help? Eric
