How cross-forest AD authentication works for a roaming user?
Posted on 2007-07-24
Windows Server 2003 & Windows XP question:
If you have two AD forests: Forest A and Forest B, each with 1 domain. There is a two-way trust between the Forests.
If a user with an account in Forest B sits down at a PC based in Forest A and logs on does the Kerberos authentication communication for that user account pass between the workstation and Forest B's domain controllers, or between Forest A's DCs and Forest B's DCs??
I'm trying to find out if I can prevent communication between workstations from one Forest and DCs in the other Forest.