Basically, I need to be able to attempt to authenticate against two different AD domains from IIS. I'd like to be able to automatically query both AD's and whichever comes back with an authentication wins. The users are completely separate and will only exist in their respective domain.         IIS           |           |   /-------------\   |                 |  ------        ------  AD1         AD2  JoeU        AmyU  JillU         JohnU So, if IIS requests to authenticate JoeU it will query both domains. JoeU will be found in AD1 so we can ignore whatever response comes back from AD2. Is this even possible using stock IIS 7? Is there a middleware or something to allow this type of configuration on IIS 7? Would this be a job for some kind of middleware sitting between IIS and the AD domains?