I am currently supporting systems in multiple Domains in our Forest. An OnCommand Unified Manager 6.3 server is installed in each Domain using a Domain User account for LDAP remote authentication. We have created Security Groups in each Domain and added the admins from the monitoring department so they can log into OnCommand Unified using their Domain Accounts. This is an administrative overhead we would like to resolve.
Each of these Domains has a Trust Relationship. We would like to use only 1 Domain account to access these systems.
Creating local accounts on the OnCommand server would violate our security policy.
If you have remote authentication enabled, you can disable nested group authentication so that only individual users and not group members can remotely authenticate to Unified Manager. You might disable nested groups when you want to improve Active Directory authentication response time.