User IDs may be defined more than once in a trusted domain forest. A trusted domain forest is a collection of domains that are interrelated through a network.
To prevent difficulties arising from the possibility of multiple users with the same user ID across a domain forest, you should use an ordered domain list as defined using the db2set and the registry variable DB2DOMAINLIST. When setting the order, the domains to be included in the list are separated by a comma. You must make a conscious decision regarding the order that the domains are searched when authenticating users.
Those user IDs that are present on domains further down the domain list will have to be renamed by you if they are to be authenticated for access.
Control of access can be done through the domain list. For example, if the domain of a user is not in the list, the user will not be allowed to connect.