AD Auth Cross Domain User Groups

Hi all,

 

I'm trying to find a way to configure APM to check whether a user is a member of a Domain Local Group. Easy enough when the user is in the same domain, but in my case the user is in a different domain. There is a trust between the two domains.

 

So to lay it out: user1@acme.com is a member of Domain Local Group group1@contoso.com

 

I can authenticate user1@acme.com and get a list of group membership from acme.com (but obviously that won't list the contoso groups).

 

I've tried the adtest commandline but when I run the following query:

 

adtest -t query -h dc01.contoso.com" -r "contoso.com" -A Administrator -u user1 -D acme.com -d 1 -U true

 

It recognises that the user belongs in the acme.com domain and tries to run the query against that domain.

 

Any suggestions?