We have a separate forest and domain for some users and want to sync users to it with an external tool. We would like to use Secure LDAP for this, but we don't want to install a CA for this domain. There is a CA for another domain in a different forest. There is no trust between the domains/forests, and the external tool will authenticate with the credentials in the domain on the target DCs.
So as far as I can tell we can treat this CA as an external CA. Is this setup going to work?
In my search I came upon http://social.technet.microsoft.com/Forums/windowsserver/en-US/aba0bc27-9c9b-4cd1-975d-3c9ce6b4c6e0/crossforest-ca-computerobject-not-found-by-policy-module?forum=winserversecurity, but here there are trusts between the domains/forests.
Kind regards,