AD FS with multiple forests

10-11

Hello,
We have two forests. One forest (XYZ.COM) is at a functional level of Windows 2008R2. Second forest (ABC.COM) is at a functional level of Windows 2003. There is NO trust between the forests currently. They function as isolated entities.
The domain in forest (XYZ.COM) has an AD FS 2.0 farm configured as identity provider to another company (KLM.COM). SSO is working fine to access the resource partner (KLM.COM) claims-enabled applications.
Though there is no trust between XYZ.COM and ABC.COM, XYZ.COM DNS has all the zone records pulled from ABC.COM as a secondary zone. ABC.COM has a claims-enabled application they want to host through XYZ.COM, hoping XYZ.COM can be a resource partner for other companies. How can we accomplish this?
Thanks
TIA TP
Hi Clarkeyi,
You can use the Active Directory® Federation Services (AD FS) server role to create a highly extensible, Internet-scalable, and secure identity access solution that can operate across multiple platforms, including both Windows and non-Windows environments.
For more information, please refer to the following articles:
Plan your AD FS deployment
http://technet.microsoft.com/en-us/library/dn151324.aspx
Regards,
Lany Zhang