(also posted in the "Directory Services" group) We have two departments, each managed by different groups, each in its own forest/domain. Both are Windows AD, one is 2008 the other is 2003R2. They is a physical path between them, but there is a firewall between the groups. We have a need for about 1,500 users to access an application in the other forest. The application is accessed via terminal services/RDP. Due to the large number for firewall ports that would have to be opened, we’re looking for alternatives to an A/D forest/domain trust. We thought of using ADFS, but that only seems to be usable for web based applications. We’re also trying to avoid having to create and maintain 1,500 duplicate accounts in the resource domain. Is there any other options to accomplish what we need? Any suggestions appreciated. Mike O.

Hello, please see your other thread: http://social.technet.microsoft.com/Forums/en/winserverDS/thread/e66dd696-055d-49a5-bec4-7e7e66190669Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.