Imagine that you have Forest A and Forest B with one domain in each.
An there is a two way trust between the two domains.
There are a lot of users in both domains who make use of services in their own domain.
And there used to be people in both domains making use of services in the other domain, but you are not sure if there are still any such users.
How would it be possible to identify users making use of the trust?
A user from the domain in Forest A could access services in Forest B using an account in Forest B. So I can not make sure the trust is not being used by looking at what IP's traffic to the domain controllers in each domain is coming from.
Is there a way to enable some logging on the domain controllers that can identify if the trust is being used and by whom?
I am also concerned about the ability to catch users from one domain being members of groups in the other domain....