Deploying in multi-forest environments

If you’re deploying report services across multiple forests, there are a few tips to be aware of.

  • It is best to install report services once in a forest, and then monitor domains or zones in other trusted forests.
  • If you use domain-based mode, you need to install report services once in the domain. Make sure that any users who run report services and the service account have access to the domains for which you want to run reports.

Note:   If you need to grant access to a user account across a forest with a one-way selective trust, you enable selective authentication for that user.

Enabling selective authentication across a forest with a one-way selective trust

The instructions below are provided as a courtesy; for more information on selective authentication, see the following article:

https://technet.microsoft.com/en-us/library/cc794747(v=ws.10).aspx

How to enable selective authentication for a user across an Active Directory forest that has a one-way selective trust:

  1. Open Active Directory Domains and Trusts.
  2. ​In the console tree, right-click the domain node for the forest root domain, and then click Properties.
  3. On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the forest trust that you want to administer, and then click Properties.
  4. ​On the Authentication tab, click Selective authentication, and then click OK.
  5. Open Active Directory Users and Computers.
  6. Navigate to the Domain Controller the Report Services will use, right-click the computer object, and then click Properties.
  7. On the Security tab add the desired user and grant Allow for the Allowed to authenticate permission.

See also the Centrify knowledge base article KB-8071.