Using a single account credential

Suppose you want to add the user targetuser, who has a domain user account in forest2.net, to zone1 in forest1.net, where forest1.net trusts forest2.net (a one-way trust). To do so, you must use an account that has the following permissions:

  • Permission to add a user to zone1 in forest1.net.
  • Permission to read accounts in forest2.net.

If you have a single account with the appropriate permissions (for example, superuser in forest2.net), you can add targetuser from forest2.net to zone1 in forest1.net as follows:

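# Use the forest2\superuser account for operations against forest1.net
Set-CdmCredential "forest1.net" "forest2\superuser"
# Add targetuser from forest2.net to zone1 in forest1.net
New-CdmUserProfile -Zone "cn=zone1,cn=Zones,dc=forest1,dc=net" `
    -User "cn=targetuser,cn=Users,dc=forest2,dc=net" `
    -login "UNIXname" -uid nnnnn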

where UNIXname is the UNIX login name of targetuser and nnnnn is the UID of targetuser.