We have ~50 domains across the organization who want to join in and use Splunk. They all have two way trust enabled so I have a service account established for AD integration. However, the results do not return other trees users.
Please let me know if this is possible, and we're doing it wrong, or if indeed I have to add 50 LDAP strategies.
I'm hoping this is just something fundamental I can configure.
you have service account in your hand but you was not able to get the other trees user because for that particular service account, there is something called ACL which is declared in LDAP server where you have edit the ACL to display the other trees users.