You probably have a trust relationship between realms, the systems create a map of domain names -> realms and query DNS for the local service record and then sift the table to find the relationship based on domain name. That trust relationship has to be set up, though if I recall that's done on the KDC and not the local client. (Thanks God for the Manual)
Quote:
There are no users/groups in the DMZ (BOBNET.INT) domain only computer accounts.
|
They have to have local accounts then, otherwise how would you log into them? The way you're explaining the one way trust makes sense, if the two domains were fully trusted, then users from BOB would be able to log onto machines in BOBNET using their BOB domain accounts since the security database would be replicated.