Hi,
we have a multi-tenant Active Directory supporting a cloud workspace based on Citrix XenApp/XenDesktop. So many customers in 1 AD, each in their own OU. We have dedicated WAN links to many customer sites.
We've received a request from 1 customer to connect our AD to their (resource) forest using a Forest Trust, but since the customer uses the same IP range as one of our other customers, we've implemented Source-NAT on the WAN link. I know that AD traffic and trusts in combination with Source-NAT are unsupported, but would it be a possible (and supported!) solution to set up 2 dedicated domain controllers in a separate site and configure sites & services in both forests to use the same site name? In this scenario the 'Core' domain controllers in the default site would not be accessible/routable from the remote forest.