Have a new 2012R2 Root forest domain (Forest A) which has DirectAccess configured for Windows 7 (Certificate) clients.
We also have another 2003 level forest (Forest B) which hosts user accounts and servers. Geographically both forests are in the same location so no Multisite deployment in place.
I want to issue laptops joined to Forest A to staff that have a user account in Forest B.
All works fine in the office, however when connecting remotely via DirectAccess the Forest B users can only ping servers in either Forest A or Forest B
If I then log into the same client laptop with a user account from Forest A then I can access resources in both Forests?
My understanding of DirectAccess was that as long as I have entries in the NPRT for the Forest FQDNsthen authentication would work as in the office - i.e. across the two-way trust? and that...