This content has been marked as final. Show 2 replies
Did you go through AD Connector Guide:1 person found this helpful
Enabling Reconciliation and Provisioning Operations Across Multiple Domains
You can perform reconciliation and provisioning operations across domains. This means that, for example, you can assign a user in one domain to a group in another domain
I have taken a look at it and it does seem that it will work with a Domain-Domain trust within a forest, but I think the one thing that isn't clear to me right now is whether or not this will work with a Forest-Forest trust. There are quite a bit of references to the AD Global Catalog (GC) and how to configure OIM to leverage it. I have limited knowledge of the inner workings of AD, but it seemed to me that the Global Catalog was something specific to a single forest.
I could be completely wrong about the GC though. If OIM can leverage the GC and the GC can allow OIM to reference objects (users specifically) that are stored external to the forest (though connected via Trust) then I believe that would suffice. Can anyone validate/confirm such a scenario or even point me to the right documentation?
Edited by: user602387 on Jan 29, 2013 3:25 PM