Hello @RedWhiteBlack ,
Thank you for posting here.
Based on the description, I understand you have PKI in your Production forest.
1.Would you please describe the meaning of the "Bastion Forest" in your case, so that we can help you better?
2.What is the relationship between Bastion Forest and Production forest?
3.Do they ahve any trust relationship?
Here we can see a bastion environment planing.
Planning a bastion environment
https://learn.microsoft.com/en-us/microsoft-identity-manager/pam/planning-bastion-environment
Should you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou