My customer has 2 domain in different forest.(company A aquire company B) but between this domain is enable two way trust. Despite of this being enable LDAP synchronizations from doman A and B. Customer wants deploy WDE now but is same problem. We enable SSO, key mode SKM silent enrolment.
Policy is assign to membership global group WDEAcom in doman A and WDEBCom in doman B In one domain is OK. but some acount have email from domain A and B(email@example.com and user1@bcom,com)
If user log who has two email in domain A UServer creat account firstname.lastname@example.org.But if login in desktop on domain B Userver rename account email@example.com to firstname.lastname@example.org. So after reboot desktop user can't login on login email@example.com.
I surprised this behavior. Why UServer don't create two account.
WhIch parametr in LDAP is use to synchronizations with AD and assign to proper group in US ? How to fix or ovoid this problem?
Have you added the second domain in managed domains inside Universal Server?
You shouldn't manually rename anything on the Universal Server. Try with a new user, on both domains, it will create 2 accounts.
I don't want to manual rename on US. If I log with one account all is corect (US generate material for account from domain A firstname.lastname@example.org but after login from B this account is rename!!!.