Does cross forest authentication work when using different schema in each forest?
Authentication Services 4.x will handle each forest individually.The schema in each forest will be read and used correctly allowing cross forest authentication between forests using different schema.
Please note this is not the case for earlier unsupported versions (2.x and 3.x) which needed the same schema in all forests.
The following options should also be configured in /etc/opt/quest/vas/vas.conf to allow cross-forest domain authentication:
cross-forest-domains = <DOMAIN>,<domain>
Default value: Not set
user-search-path = <DN>[;<DN>]...
Default value: entire AD domain the host is joined to
group-search-path = <DN>[;<DN>]...
Default value: The entire AD domain the host is joined to.
Please refer to the vas.conf manpage for further details on the above options.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center