Hello,
Thank you for posting in the Q&A forum.
Yes, we need to configure Cloud Kerberos trust for every AD forest. Here are the steps to follow:
1. Enable Entra Kerberos in every domain involved in all forests.
2. Create AzureADKerberos Computer Object: For each AD forest, create an AzureADKerberos computer object in the respective domain. This object acts as a read-only domain controller (RODC) and is used by Microsoft Entra ID to generate Ticket Granting Tickets (TGTs).
3. Configure Cloud Kerberos Trust on endpoints via GPO or Intune.
4. Verify the configuration and ensure that users can authenticate via Cloud Kerberos Trust.
For further details, please refer to the Microsoft official documentation below:
To help other customers who may be facing the same issue, please don't forget to vote if the reply is helpful.
Best Regards
Zunhui
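
The following PowerShell sketch is an added example, not part of the original answer. It walks steps 1, 2 and the server-side part of step 4 for several domains using the `AzureADHybridAuthenticationManagement` module. The domain names and the UPN are constructed placeholders, and the handling of a missing object (an error or an empty `Id` from `Get-AzureADKerberosServer`) is an assumption.

```powershell
# Added example. Requires:
#   Install-Module -Name AzureADHybridAuthenticationManagement -AllowClobber
Import-Module AzureADHybridAuthenticationManagement

# One entry per AD domain, across all forests, whose users will sign in
# with Cloud Kerberos trust (constructed sample names).
$domains  = @('corp.contoso.example', 'emea.contoso.example', 'fabrikam.example')

# Microsoft Entra ID admin account used for the cloud side (placeholder).
$cloudUpn = 'admin@contoso.example'

$report = foreach ($domain in $domains) {
    # Privileged AD credential for this specific domain.
    $cred   = Get-Credential -Message "AD admin credential for $domain"
    $common = @{
        Domain            = $domain
        UserPrincipalName = $cloudUpn
        DomainCredential  = $cred
    }

    # Query first. Assumption: an error or an empty Id means the
    # AzureADKerberos object has not been created in this domain yet.
    $srv = $null
    try { $srv = Get-AzureADKerberosServer @common -ErrorAction Stop } catch { }

    if (-not $srv -or -not $srv.Id) {
        # Creates the AzureADKerberos computer object and publishes it to Entra ID.
        Set-AzureADKerberosServer @common
        $srv = Get-AzureADKerberosServer @common
    }

    # The on-premises key version must match the copy held in Entra ID.
    [pscustomobject]@{
        Domain          = $domain
        ComputerAccount = $srv.ComputerAccount
        KeyVersion      = $srv.KeyVersion
        CloudKeyVersion = $srv.CloudKeyVersion
        KeysInSync      = ($srv.KeyVersion -eq $srv.CloudKeyVersion)
    }
}

$report | Format-Table -AutoSize
$report | Where-Object { -not $_.KeysInSync } |
    ForEach-Object { Write-Warning "Key mismatch in $($_.Domain): re-check the Kerberos server object" }
```

A domain reported with `KeysInSync` set to `False` should be investigated before endpoints in that domain are switched to Cloud Kerberos trust.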