WDE in two domain
My customer has 2 domain in different forest.(company A aquire company B) but between this domain is enable two way trust. Despite of this being enable LDAP synchronizations from doman A and B. Customer wants deploy WDE now but is same problem. We enable SSO, key mode SKM silent enrolment.
Policy is assign to membership global group WDEAcom in doman A and WDEBCom in doman B In one domain is OK. but some acount have email from domain A and B(firstname.lastname@example.org and user1@bcom,com)
If user log who has two email in domain A UServer creat account email@example.com.But if login in desktop on domain B Userver rename account firstname.lastname@example.org to email@example.com. So after reboot desktop user can't login on login firstname.lastname@example.org.
I surprised this behavior. Why UServer don't create two account.
WhIch parametr in LDAP is use to synchronizations with AD and assign to proper group in US ? How to fix or ovoid this problem?