randall_williams-esristaff since you seem to be familiar with this topic I want to confirm that NIM only addresses cases in which a 2 way trust exists?
I think we also found via manual configuration options it provides failover redundancy so that if LDAP1 store goes down it goes to LDAP2 store.
We have been fighting a major issue here for 2 years now due to the ArcServer limitations of a single store. We have a 1 way trust scenario where our external users forest trusts our internal users forest but the internal doesn't trust the external. We have done several conference calls with ESRI staff, tried to find middleware to address these shortcomings and made attempts to architect solutions on our end. Thus far, about the only solution we have come across is using AD LDS and that's it's own nightmare scenario but also adds on a lot of complexity from our Administrators end to manage the LDS store, etc.
To be fair, ESRI is not the only vendor application we have run into this issue with. Just a bit frustrating because it's a valid scenario and one that Microsoft invested the time in building in to meets lots of security check boxes but so many applications can't properly allow the MS end to simply do what it's designed to do. The standard answer we always seem to get is, "sorry, you have to stand up 2 environments, doubling your resource costs and administrators work loads while also ensuring you keep both environments mirroring each other to ensure internal and external users access the same things."
Just wanted to see if you knew of any pending updates on the ESRI end for scenarios such as ours or know of work arounds we maybe have not investigated?
