2.5.3.2 Multiple Domains

This section discusses use cases that pertain to interactive domain logon in a cross-domain environment; for example, a user account is provisioned in one domain (domain1), a client computer is joined to another domain (domain2), and both domains are in the same forest. A user attempts to log on interactively to a machine that is joined to domain2. In this use case, AA1 denotes the Authentication Authority (AA) of domain1, AA2 denotes the AA of domain2, and Account DB #1 and Account DB #2 denote the account databases for domain1 and domain2, respectively.