Hi,
Our platform is
BO XI 3.1 SP2 on Win2k3SP2
Hosted on Domain0 in Forest0
Users belong to DomainsN.X in ForestsN
Forest0 has
Forest level trust with some of the domains (root Forest level, full transitive)
External bi-directional domain trust with others belonging to different forests
Manual AD authentication works both for web applications and for heavy clients like Designer, etc.
SSO 2 DB works for users hosted on domains below a root forest trust but not for users connected through an external domain trust.
So far, this is normal and documented.
Due to our organisation/authorisation process, we cannot let other domains manage group membership.
Thus, we need to create on Domain0 the AD groups (local Domain type) that will be mapped in the CMC.
i.e. Domain0\GroupA will contain users from any other domain.
The problem: when the groups are mapped in the WinAD plugin of the CMC, none of the group members are detected.
Any user from any domain can log in, and their user is created at logon time in the CMC, but the membership of GroupA (local AD group in Domain0) is not detected, so the rights granted through the AD group are not propagated to users: they log in with no rights at all...
Note: when mapping groups from any other domain, members are detected and rights propagated but we cannot use this option...
Any idea to solve the issue or workaround for this type of administration?
Thanks in advance and regards,
N.