Using two account credentials

If you don’t have a single account with the appropriate permissions in the two forests, adding the targetuser to a zone in another forest requires the credentials of two accounts. For example, you must identify accounts with the following permissions:

  • An account in forest1.net that has permission to add a user to zone1 (user1).
  • An account in that has read permission on (user2).

After you identify the accounts with the appropriate permissions—for example, user1 in and user2 in—you can add the targetuser from to the zone1 in as follows:

Set-CdmCredential "" "forest1\user1"
Set-CdmCredential "" "forest2\user2"
New-CdmUserProfile `
-Zone "cn=zone1,cn=Zones,dc=forest1,dc=net" `
-User "" `
-login "UNIXname" `
-uid nnnnn

where UNIXname is the UNIX login name of targetuser and nnnnn is the user’s UID.