I have a Windows service account. I need to grant it permission to impersonate another account within a group on another trusted domain, without delegation. So effectively, my service account says 'Oh, I'm Barnie@otherdomain.com' now. I know it's possible because it's been set up for another domain - but before I joined, and I don't know how they did it!
I'm a developer, but the directory admin people where I am don't seem to know what to do. Any help would be greatly appreciated!