Configure the CDO for Cross-Domain-Trust: The Setup

This topic introduces a series of topics that walk you through configuring the CDO with two realms that have cross-domain trust.

This step-by-step example involves two forests: forest.example.com and eastforest.example.com. The forests are configured so that certain users and groups in each forest can be authenticated by Active Directory (AD) in the other forest.

The following is the setup used in this example.

The simplest way for CDO to access users in Active Directory forests is to set up each forest as a realm. The forests must be configured with a two-way transitive forest trust relationship.

Using the preceding example, you would set up the CDO as follows:

  • Realm and directory for forest.example.com

  • Realm and directory for eastforest.example.com

Each realm in the example has one domain controller, which is configured in the CDO as a directory. The directories in this example are configured as follows:

  • forest.example.com

    • Base distinguished name (DN) for users: ou=UsersWest,dc=forest,dc=example,dc=com

    • Base DN for groups: ou=EngineringWest,dc=forest,dc=example,dc=com

  • eastforest.example.com

    • Base DN for users: ou=EastUsers,dc=eastforest,dc=example,dc=com

    • Base DN for groups: ou=EastEngineering,dc=eastforest,dc=example,dc=com
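
A pre-flight check for the directory values listed above, added here as an example (it is not part of the product documentation or of CDO): it derives the DNS domain from each base DN's trailing dc= components and reports any base DN that does not sit under its own realm's forest, such as a value pasted into the wrong realm. The function names and the REALMS layout are assumptions for illustration; the realm names and DNs are the ones from this example.

```python
import re

REALMS = {  # realm names and base DNs copied from the example above
    "forest.example.com": {
        "users": "ou=UsersWest,dc=forest,dc=example,dc=com",
        "groups": "ou=EngineringWest,dc=forest,dc=example,dc=com",
    },
    "eastforest.example.com": {
        "users": "ou=EastUsers,dc=eastforest,dc=example,dc=com",
        "groups": "ou=EastEngineering,dc=eastforest,dc=example,dc=com",
    },
}

def split_dn(dn):
    """Split a DN into (attribute, value) pairs; a backslash-escaped comma stays in the value."""
    rdns = re.findall(r"(?:\\.|[^,\\])+", dn)
    if ",".join(rdns) != dn:  # empty RDN or dangling backslash
        raise ValueError(f"malformed DN {dn!r}")
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def dn_domain(dn):
    """DNS domain implied by the trailing dc= components of a DN."""
    labels = []
    for attr, value in reversed(split_dn(dn)):
        if attr != "dc":
            break
        labels.insert(0, value.lower())
    return ".".join(labels)

def check_realms(realms):
    """Return one message per base DN that does not sit under its own realm's domain."""
    problems = []
    for realm, bases in realms.items():
        for kind, dn in bases.items():
            try:
                domain = dn_domain(dn)
            except ValueError as exc:
                problems.append(f"{realm}/{kind}: {exc}")
                continue
            if domain != realm.lower():
                owner = domain if domain in realms else "no configured realm"
                problems.append(f"{realm}/{kind}: base DN belongs to {owner}")
    return problems
```

Calling `check_realms(REALMS)` on the values above returns an empty list; any returned message names the realm and the base DN to correct before the directory is saved.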