I was recently (summer 2006) going through a document produced by MCS (Microsoft Consulting Services) last year (fall 2005) for an Active Directory design and came across a remarkable statement. The statement was that if you take two forests and connect them with a forest trust, the two forests become a single forest.
If you have ever read this anywhere or if you in any way believe this is true, it isn’t. I don’t care who said it. If only it were, life would be much easier for many consultants and administrators.
There is no current Microsoft mechanism to take two AD forests and make one single AD forest other than to migrate one into the other, and there is nothing trivial about that work. Ask anyone who has actually done it.
 joe
and we wait….. this is the feature I’ve been waiting for for years
I guess the biggest problem is merging 2 schemas – can’t be easy.
I think forest trusts would be a lot more usable if foreign security principals could be used in global and universal groups – though no doubt somebody will shoot me down with how stupid/insecure/whatever this is in actuality