Using a single account credential
If you want to add the user targetuser, who has a domain user account in forest2.net, to zone1 in forest1.net, where forest1.net trusts forest2.net (a one-way trust), you must use an account that has the following permissions:
- Permission to add a user to zone1 in forest1.net.
- Permission to read accounts in forest2.net.
If you have a single account with the appropriate permissions—for example, superuser in forest2.net—you can add targetuser from forest2.net to zone1 in forest1.net as follows:
Set-CdmCredential "forest1.net" "forest2\superuser"
New-CdmUserProfile -Zone "cn=zone1,cn=Zones,dc=forest1,dc=net" `
    -User "cn=targetuser,cn=Users,dc=forest2,dc=net" `
    -login "UNIXname" -uid nnnnn
where UNIXname is the UNIX login name of targetuser and nnnnn is the UID of targetuser.