On 12 Aug 2017, at 20:14, Alexander Bokovoy via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
To close this thread, I helped Alexandre on the IRC. The basic issue is that one needs to plan domain space carefully when using trust to AD. Active Directory is more than just DNS zones, LDAP, Kerberos and friends. Active Directory domain controllers have internal assumptions on what belongs to AD namespace and what is not.
Thank you for driving this towards the end. I knew I was missing something and I’m glad I could learn something new as well.