I'm trying to wrap my head around how to implement an Authentication Policy in a "Red Forest" scenario, where the administrators' user accounts are in a different forest than the production ones, with a one-way trust between these forests.
It's not possible to add computers from PROD forest to the conditions of an Authentication Policy created in the RED forest, and it's also not possible to add users from "RED" forest to the Accounts of an Authentication Policy created in PROD forest.
Any advice for this scenario?
Thanks :)
Edit: I continued scrolling through the comments and found those from henrymoehsel and KiliMuc stating that this is not doable.
Given that the Red Forest is still useful in some scenarios, especially disconnected ones, how would you address this? By relying on Selective Authentication to prevent Admins from different tiers from logging onto servers where they shouldn't? Or go back to the "old" GPO mechanisms?