Hi, I've got two domians in two forest: abc.local and contoso.xyz.local - bidirectional transitive trust between abc.local and xyz.local. I'm trying to make clone of sid for user TestUser from contoso.xyz.local to abc.local, using SidCloner.dll ([GreyCorbel.SidCloner]::CloneSid() - load assembly and use in Powershell). Everything works correctly in this direction. I've received "Access Denied" when I'm trying to do the same but in the opposite direction (from abc.local to contoso.xyz.local). To perform this operation I'm using domain admins user from both domains. I was try temporary grant full control for domain for each user but no result. Does anyone have any idea what else to check ? Thank you.