Hi,
We are using a separate Host Guardian Service forest to support secure virtualization in some of our Hyper-V fabrics. It has been proposed to manage the (limited and restricted) accounts in the HGS forest by using MIM and a bastion forest. Is this a recommended solution? Obviously it will mean a trust between the HGS forest and the bastion. Would simply keeping the HGS forest totally separate and with the existing very limited support user access be a better idea?
I've not managed to find any mention of using MIM to control access to HGS in this manner.
Thanks for any info.