We have 2 forests/domains (Domain A and Domain B) and we don’t want to set up a direct trust to each other. Instead we’re setting up a resource domain (Domain C) which each of the others domains will trust.
We have an application in Domain A that users from Domain B will log on to but the application is apparently capable of going off and querying Domain C (resource domain where users from Domain B are nested into DL groups) to authenticate the users.
Should this be possible? If there was no trust between Domain A and C, could an application in Domain A perform a lookup on Domain C using LDAP?