Afternoon, the current scenario I have is my client has multiple domains all running at various security levels. We have deployed manageeninge into the primary domain and so far this has been pretty successful. I am now being asked how we can roll this out to the other domains. Security are saying that we can't opening up the firewalls between the primary instance and the other domains.

The only other option I can see is to setup another instance of ADSelfServicePlus which mean re-registration for the users and is not that smooth of a solution. I have an idea of creating a RDOC (Read Only Domain Controller) in the secondary domain within some kind of DMZ and point the manageeninge product at that according to MS the RDOC would then be responsible for talking directly to the other domain and then would make the changes this may reduce the risk that the security team have.

My question is has anyone else come up against this problem and have if so what other solutions have people come up with to get around this issue, if not would my idea even be feasible.

Thanks in advance.

Mark