hi,
We have the following setup:
PCNS is deployed in Forest B and C, which is configured to sync passwords for Staff (Staff Group in Forest C) and Students (Student Group in Forest B) to their respective accounts in Forest A. This is working fine.
A new requirement is to have some of the Staff Forest C accounts created in Forest B. So here are some questions.
- Could we now setup PCNS in Forest C to also sync passwords to Forest B (for some of these new Staff accounts)?
- When Forest C Staff member changes their password (in Forest C), this password will be synced to their account in Forest B and Forest A; however, since PCNS in Forest B only monitors the Student AD Group (in order to synchronize to Forest A), any password changes to Staff members (not part of the Student AD Group) will be ignored. Is this correct?
- What if PCNS inclusion group was "Domain Users" in Forest B. When Forest C Staff member changes their password (in Forest C), this password will be synced to their account in Forest B and Forest A - would PCNS in Forest B be triggered for Staff again and password sync again to Forest A?
Image may be NSFW.
Clik here to view.
Thank you,
sk
