Cross Domain AD query

Question
User2043281626 posted
Hello,
I am writing a custom .NET 4.0 solution that will replace a dependency my team has on DSML. Essentially I will have a WCF service that will be called with some criteria to search through Active Directory (AD) and return the values back to the component that called the service. The issue is I am not sure how to go about this through the use of LDAP. The only experience I have with LDAP is validating perhaps a user's credentials, but that was in the same domain. This case is different. So I guess one of my questions is if this is even practical? If it is, are there any examples available of doing a secure LDAP connection from one domain to another domain's AD? Are there any known "issues" I should be aware of before I start developing, essentially?
Any help with this topic will be greatly appreciated!
Thursday, August 1, 2013 11:39 AM
Answers
User-742633084 posted
Hi noobville,
Regarding the cross-domain directory query/access scenario, I think the .NET DirectoryServices programming part won't vary much from the single-domain scenario. However, you might need to make sure the two domains (your current domain and the target domain to query data) have a two-way trust relationship. Here are some web articles and threads talking on similar topics:

Cross Forest LDAP Query and sub domains.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/6257f7d1-5a07-4652-af0c-4550ddffe1c3/cross-forest-ldap-query-and-sub-domains

Querying Groups and Users across multiple domains with LDAP in C# .NET
http://jokecamp.wordpress.com/2012/03/26/querying-groups-and-users-across-multiple-domains-with-ldap-in-c-net/

And I'd recommend you ask for more information about the AD configuration requirement for such a scenario in the Windows Server Directory Service forum:

Windows Server Directory Service forum
http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS

Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Friday, August 9, 2013 2:36 AM
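The answer above says the .NET code barely changes between the single-domain and cross-domain case, which is true; what does change is how you bind. The following is an added example, not code from this thread, showing a .NET 4.0 `System.DirectoryServices.Protocols` search against a domain controller in a trusted foreign domain with a Kerberos-signed and -sealed session, explicit credentials valid in the target domain, referral chasing disabled so the connection never silently follows a referral to an unintended server, and RFC 4515 escaping of the caller-supplied criteria so the WCF input cannot rewrite the LDAP filter. The host name, base DN and credential are placeholders you must replace.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

static class CrossDomainLdap
{
    // RFC 4515 escaping: caller-supplied search criteria must never be able to alter the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Look up a user by sAMAccountName in a trusted foreign domain.
    // targetDc, baseDn and cred are placeholders, e.g. "dc01.partner.example",
    // "DC=partner,DC=example" and a service account that exists in that domain.
    public static void FindUser(string targetDc, string baseDn, NetworkCredential cred, string sam)
    {
        var id = new LdapDirectoryIdentifier(targetDc, 389, true, false);
        using (var conn = new LdapConnection(id, cred, AuthType.Kerberos))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.Signing = true;  // integrity: the DC's "LDAP server signing" policy can demand this
            conn.SessionOptions.Sealing = true;  // confidentiality on the wire without needing LDAPS (636)
            conn.SessionOptions.ReferralChasing = ReferralChasingOptions.None; // do not follow referrals blindly
            conn.Bind();  // Kerberos across the trust; fails fast if the trust or the credential is wrong

            string filter = string.Format("(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))",
                                          EscapeFilterValue(sam));
            var req = new SearchRequest(baseDn, filter, SearchScope.Subtree, "distinguishedName", "mail");
            req.SizeLimit = 100;  // bound the result set the service will hand back to its caller
            var resp = (SearchResponse)conn.SendRequest(req);
            foreach (SearchResultEntry entry in resp.Entries)
                Console.WriteLine(entry.DistinguishedName);
        }
    }
}
```

If the target domain publishes LDAPS instead, use port 636 with `SecureSocketLayer = true` and leave signing/sealing off, since the two are mutually exclusive; either way, keep the WCF service's own endpoint authenticated so only authorised components can trigger the search.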
All replies
User-359936451 posted
Sounds like an enormous security headache unless at the very least the domains are fully trusted.
Monday, August 5, 2013 3:35 PM