The OS ESM Module lets users sign in to ESF-protected systems (Enterprise Server regions and MFDS) using their operating system username and password. (Currently OS ESM is supported only on Windows.) When OS ESM is used, users sign on to MFDS, ESMAC, and/or MTO (depending on your security configuration) with their Windows username and password.
By default OS ESM first tries to sign a user on locally; if that fails, it does a search in the default domain (in the domain forest, on Windows 2003 and later) and tries again in the first domain where it finds the user. You can specify a different domain to try initially in the security manager configuration (see the configuration section below).
Note, though, that OS ESM is limited to what Windows normally allows; it cannot verify a user in a domain that is not trusted by the local system. Basically, you should be able to sign on to any domain that's listed in your Windows sign-on dialog.
The OS ESM itself has support for domain\username syntax and UPN usernames (username@domain.tld), but the sign-on screens for MFDS and MTO do not currently support them, so they cannot be used in this version of Enterprise Server.
The OS ESM supports ESF Passtokens, which can be used to automatically pass credentials between MFDS and ESMAC, if both MFDS and Enterprise Server are configured to use OS ESM.