Maybe someone can give me a jump start here. This is regarding GPOs.
Due to a merger/aquisition we now have two forests that we're dealing with. We are pre-AD migrated but need to get some interoperability in place right now. We put a trust in place and now we have some users in the NEW company logging into their own domain, but the machine is on our domain. Get it?
So I would expect that when the machine boots up, it would get the GPOs from the domain it's a member of. This works as expected. No problem.
Now I would expect that when the user logs on, the user would get the user based GPO set from the domain where the User account lives, right? Not the case. The user is getting user based policies from the domain where the computer account lives.
Someone told me that this is by design (loopback processing). But is there a way to change this behavior if I want to? And if I can, should I? If this is the default, maybe there's good reason to keep it this way?
Thanks for listening,