I'm wondering if machine identity propagation can be turned off when it's not being used. We're just using network and user authentication to validate access, not machine identity.
Also, the domain controllers it's trying to get to are not configured in our LDAP account unit by design. We are only using domain controllers in domain A, not B or C, to validate users. Those domain controllers exist for off-site customers.
In the case I did want to use those other domain controllers from other domains, I assume I would have to use MDS for management (multiple domains). IOW, if someone LDAP used a domain from domain B, a DC in domain A wouldn't find it even if I had it listed as a DC. You can't control which DC is used for each rule. Maybe that will change in R81.20?