Configure the Management Center for Cross-Domain-Trust: The Setup

This is an introduction to the topics that walk you through configuring the management center with two realms that use cross-domain trust.

This step-by-step example involves two forests, forest.example.com and eastforest.example.com. The forests are configured so that certain users and groups in each forest can be authenticated by Microsoft AD in the other forest.

The setup used in this example is as follows.

The simplest way to access users in Active Directory forests is to set up each domain in a forest as a realm. The forests must be configured with a two-way transitive forest trust relationship. Only domains that contain users you want to include in access control policies need to be configured as realms.

Using the preceding example, you would set up the management center as follows:

  • Realm and directory for any domain in forest.example.com that contains users you want to control with access control policy

  • Realm and directory for any domain in eastforest.example.com that contains users you want to control with access control policy

Each realm in the example has one domain controller, which is configured in the management center as a directory. The directories in this example are configured as follows:

  • forest.example.com

    • Base distinguished name (DN) for users: ou=UsersWest,dc=forest,dc=example,dc=com

    • Base DN for groups: ou=EngineringWest,dc=forest,dc=example,dc=com

  • eastforest.example.com

    • Base DN for users: ou=EastUsers,dc=eastforest,dc=example,dc=com

    • Base DN for groups: ou=EastEngineering,dc=eastforest,dc=example,dc=com
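A common mistake when entering this layout is pointing a realm's directory at a base DN that lives in the other forest's naming context. The following added example (not Cisco's code or the management center's API; the Realm and Directory classes are assumed data holders) checks each base DN against the domain its realm represents, using the two realms above as input.

```python
from dataclasses import dataclass, field
import re
def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def fqdn_to_dn(fqdn: str) -> str:
    """forest.example.com -> dc=forest,dc=example,dc=com (the domain's naming context)."""
    return ",".join(f"dc={label}" for label in fqdn.lower().strip(".").split("."))

def dn_is_under(dn: str, suffix: str) -> bool:
    """True when dn is a proper descendant of suffix (trailing RDNs match, case-insensitive)."""
    d, s = parse_dn(dn), parse_dn(suffix)
    return len(d) > len(s) and d[-len(s):] == s

@dataclass
class Directory:  # one domain controller, as the management center sees it (assumed shape)
    user_base_dn: str
    group_base_dn: str

@dataclass
class Realm:
    domain: str  # the AD domain this realm represents
    directories: list[Directory] = field(default_factory=list)

def validate_realms(realms: list[Realm]) -> list[str]:
    """Return a list of problems; empty means every base DN sits inside its realm's own domain."""
    problems = []
    for realm in realms:
        naming_context = fqdn_to_dn(realm.domain)
        for directory in realm.directories:
            for kind, base in (("user", directory.user_base_dn), ("group", directory.group_base_dn)):
                if not dn_is_under(base, naming_context):
                    problems.append(f"{realm.domain}: {kind} base DN {base} is outside {naming_context}")
    return problems

# The two realms from this page, constructed from the base DNs listed above.
PAGE_REALMS = [
    Realm("forest.example.com", [Directory("ou=UsersWest,dc=forest,dc=example,dc=com",
                                           "ou=EngineringWest,dc=forest,dc=example,dc=com")]),
    Realm("eastforest.example.com", [Directory("ou=EastUsers,dc=eastforest,dc=example,dc=com",
                                               "ou=EastEngineering,dc=eastforest,dc=example,dc=com")]),
]
```

Running `validate_realms(PAGE_REALMS)` returns an empty list for the layout above; swapping a base DN into the other forest produces one problem line naming the realm and the offending DN.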