How to Synchronize Sophos with domain in another forest.......

You can use the console to manage Sophos endpoint security software in a multiple domain environment.

Known to apply to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control 9.7,
Sophos Endpoint Security and Control 9.5,
Sophos Endpoint Security and Control 10.0

1. You must ensure that there is a two-way trust relationship between the domain containing the management server with the console on it, and the domains that it will manage. (For details of how to set up a trust relationship between domains, refer to the Microsoft documentation.) 
   
   
2. If you are running the Protect computers wizard from Enterprise Console or Sophos Control Center, the wizard prompts you for a username and password that is valid for the administration of the endpoint computers. 
   
   
   • If the computers are all in the same domain, the account username must be in the format
     [TargetDomain]\[AdministratorAccount] 
     
     
   • If the computers are on different domains covered by the same Active Directory schema, use the Enterprise Administrator account in Active Directory. The account username must be in the format
     [EnterpriseAdministratorAccount]

Technical Information

When deploying through the console only a one-way trust is required.  However a two-way trust ensures that the account used in the Protect computers wizard can both create the scheduled task to start the installation on the endpoint computer, as well as allow the software to connect back to the update server to start the download.  For further information on how the console installs endpoint software see article 12455

You can use the console to manage Sophos endpoint security software in a multiple domain environment.

Known to apply to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control 9.7,
Sophos Endpoint Security and Control 9.5,
Sophos Endpoint Security and Control 10.0

1. You must ensure that there is a two-way trust relationship between the domain containing the management server with the console on it, and the domains that it will manage. (For details of how to set up a trust relationship between domains, refer to the Microsoft documentation.) 
   
   
2. If you are running the Protect computers wizard from Enterprise Console or Sophos Control Center, the wizard prompts you for a username and password that is valid for the administration of the endpoint computers. 
   
   
   • If the computers are all in the same domain, the account username must be in the format
     [TargetDomain]\[AdministratorAccount] 
     
     
   • If the computers are on different domains covered by the same Active Directory schema, use the Enterprise Administrator account in Active Directory. The account username must be in the format
     [EnterpriseAdministratorAccount]

Technical Information

When deploying through the console only a one-way trust is required.  However a two-way trust ensures that the account used in the Protect computers wizard can both create the scheduled task to start the installation on the endpoint computer, as well as allow the software to connect back to the update server to start the download.  For further information on how the console installs endpoint software see article 12455