RussellReid
Jul 16, 2021
Copper Contributor
Using gMSA accounts in a multiforest environment with one way trusts
We have an environment set up with a Red Forest and 5 separate forests. Each has a one-way outgoing trust to the red forest. I have set up a gMSA account for the sensor for each forest with all DCs...
EliOfek
Microsoft
Jul 18, 2021
Hi,
Making GMSA work across partial trust environments can be tricky to troubleshoot through a forum post. I suggest opening a support ticket, where our support team can help by engaging both an MDI expert and an AD expert on this one to make sure it is done well.
In general, each sensor in a forest needs the permissions to pull the password for all GMSAs on all the other forests; then it should work. If it does not, we need to find out what is blocking it.
Make sure to attach the failing sensor logs when you open the support case.