I have a scenario where MDS admin users and MDS application pool exist in domain A , normal MDS users exist in domain B.
While this scenario worked with MDS 2012 after upgrade to MDS 2016 I am not able to navigate to functional area in MDS user security management with A\admin user- it yields "Access is Denied". Other areas in user security management work. The only information I could find in MDS log is: The user name or password is incorrect.
I thought it might be related to fact that cross forest domain roaming is disabled and those B domain users cannot have fully imported profiles on MDS machine. I have enabled it, forced GPO refresh - doesn't work
I tried with MDS database and application created by user from domain B - doesn't work
Any ideas how to investigate or fix it?
It looks like workaround is to create local user group for MDS users and then add this group to MDS.
This way you can change all permissions for a group. Each domain user will get created with all settings inherited from group.