Hi,
I have a requirement where we have one administrative AD Forest where all the Admin Accounts reside, and we have multiple customer AD Forests which need to be managed using the Admin Accounts in the Administrative Forest. The administrative tasks in the customer AD Forest would include creation of users and groups, assigning, modifying the customer AD, etc. I know we can easily achieve this by establishing an external forest trust between the Customer AD Forest and the Administrative AD Forest; however, we have security restrictions on establishing a trust.
I would like to know if we can use ADFS in this scenario to achieve secure single sign-on into all the customer AD Forests and perform AD administrative tasks. If yes, are MMC, RDP, and the AD Management Tools SAML aware? If not, how can we address this situation?
Thanks