THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Server, version 6.1 and later
Do EFT Server and SAT support a multi-forest configuration? Can EFT Server pull user accounts from multiple child domains and/or forests?
Domain local groups from other domains and also distribution groups are no longer supported in 8.0.
EFT Server allows you to specify only one domain and one group. However, that group can contain groups and users from foreign domains, as long as a trust relationship exists between the domains; this allows users from remote domains to authenticate to EFT Server. The domain in which EFT Server resides must have a group that contains the foreign domain users. The main point is that EFT Server talks to only one AD/forest/controller. If that AD/forest/controller is properly configured to get information from the other domain/forest, EFT Server will authenticate those users. This also applies to the Secure Ad Hoc Transfer (SAT) authentication module when AD authentication is used.
If you plan to override SAT’s Integrated Windows Authentication by modifying the configuration settings file’s Path, DomainAdminUser, DomainAdminPass (base64 encoded), and AuthenticationMethod fields, you must also set "ConnectionSettingEnabled" value="True"; otherwise, those values will NOT be used.
Please refer to the online help topics Support for Foreign Groups and Using SAT with Active Directory.
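A lint for the override rule above, as an added example that is not part of the original article or the vendor's code. It assumes the settings file stores these fields as .NET-style `<add key="..." value="..."/>` entries (the article does not show the layout), and the sample file and all of its values are constructed.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Field names come from the article. The <add key="..." value="..."/> layout
# is an assumption; adjust the lookup to match the real settings file.
OVERRIDE_KEYS = ("Path", "DomainAdminUser", "DomainAdminPass", "AuthenticationMethod")

# Constructed sample: every value below is a placeholder, not a real setting.
SAMPLE = """<configuration><appSettings>
  <add key="Path" value="LDAP://dc01.example.test"/>
  <add key="DomainAdminUser" value="svc_sat@example.test"/>
  <add key="DomainAdminPass" value="Q29uc3RydWN0ZWQh"/>
  <add key="AuthenticationMethod" value="placeholder-method"/>
  <add key="ConnectionSettingEnabled" value="False"/>
</appSettings></configuration>"""


def check_sat_settings(xml_text):
    """Return (severity, message) findings for a SAT settings file."""
    root = ET.fromstring(xml_text)
    settings = {e.get("key"): (e.get("value") or "").strip()
                for e in root.iter("add") if e.get("key")}
    findings = []

    # Overrides are ignored unless ConnectionSettingEnabled is "True".
    # Exact match is deliberate: the article gives "True" and nothing else.
    overrides = [k for k in OVERRIDE_KEYS if settings.get(k)]
    if overrides and settings.get("ConnectionSettingEnabled") != "True":
        findings.append(("error", "ConnectionSettingEnabled is not True; "
                         "ignored overrides: " + ", ".join(overrides)))

    password = settings.get("DomainAdminPass")
    if password:
        try:
            base64.b64decode(password, validate=True)
        except (binascii.Error, ValueError):
            findings.append(("error", "DomainAdminPass is not valid base64"))
        else:
            # Base64 is reversible encoding, so file ACLs protect the secret.
            findings.append(("note", "DomainAdminPass is only base64 encoded; "
                             "restrict read access to this file"))
    return findings


if __name__ == "__main__":
    for severity, message in check_sat_settings(SAMPLE):
        print(f"{severity}: {message}")
```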
NOTE: When your forest contains domain trees with many child domains and you observe noticeable user authentication delays between the child domains, you can optimize the user authentication process between the child domains by creating shortcut trusts to mid-level domains in the domain tree hierarchy.