So I've got a situation where AD is fully deployed with over 250,000 user objects. We are getting ready to use a new application that is hosted at a datacenter in Kansas City. I know we could add a DC to the datacenter, but for security reasons, management doesn't want to expose all 250,000 user accounts when only 15,000 users will be using the app (the app requires authentication).
I'm trying to avoid the authentication from having to be passed back to Corp HQ. I also can't change the user experience... anyone have any suggestions?
-SuperDale