My customer has 2 domain in different forest.(company A aquire company B) but between this domain is enable two way trust. Despite of this being enable LDAP synchronizations from doman A and B. Customer wants deploy WDE now but is same problem. We enable SSO, key mode SKM silent enrolment.
Policy is assign to membership global group WDEAcom in doman A and WDEBCom in doman B In one domain is OK. but some acount have email from domain A and B(firstname.lastname@example.org and user1@bcom,com)
If user log who has two email in domain A UServer creat account email@example.com.But if login in desktop on domain B Userver rename account firstname.lastname@example.org to email@example.com. So after reboot desktop user can't login on login firstname.lastname@example.org.
I surprised this behavior. Why UServer don't create two account.
WhIch parametr in LDAP is use to synchronizations with AD and assign to proper group in US ? How to fix or ovoid this problem?
I don't want to manual rename on US. If I log with one account all is corect (US generate material for account from domain A email@example.com but after login from B this account is rename!!!.
Have you added the second domain in managed domains inside Universal Server?
You shouldn't manually rename anything on the Universal Server. Try with a new user, on both domains, it will create 2 accounts.