Advanced configuration: Active Directory mode trusted cross-forest visibility

The Advanced configuration mode extends the functions of the Cloud Extender® Basic configuration mode to discover all users, groups, and relationships from all domains in the same forest or other forests where the service account is provisioned.

Use Advanced configuration mode with the following Active Directory scenarios:
  • Trusted multi-forest environment: The service account discovers users and groups from other domains in a trusted forest.
    Note: The Basic configuration mode does not support this scenario.
  • Restricting Active Directory integration to the current domain: The Cloud Extender in Active Directory mode discovers all users, groups, and relationships from all domains in the same forest. Use this option when you must restrict this scope to specific domains. However, LDAP mode is a better option for this scenario.
  • Cross-forest group membership support: A user is a member of one group in a forest (for example, Forest1), and also a member of another group in a forest (for example, Forest2).