none
Querying AD information from users logging in from domain in different but trusted forest RRS feed

  • Question

  • I have been searching and trying to find if there is a way to query information about users (besides lanid) from users logging in from a domain in a different yet trusted forest WITHOUT SPECIFYING THE CREDENTIALS OF OTHER DOMAIN via code in an ASP.NET WebForm Application.  I had hopes that the System.DirectoryServices.AccountManagement namespace would be the answer, but it is not.  Using the following code:

    System.DirectoryServices.AccountManagement.UserPrincipal.Current. I was able to get the displayName, emailAddress, userPrincipalName, etc. of users logging on thru via the domain in the trusting forest, but was not able to get this information from the users from other domain in the trusted forest.  

    Note that I was able to get this information without specifying domain credentials when users log in to the domain in the trusting forest.  I'm thinking that there should be a way to get this information from other domains without specifying credentials if they are logging in from a domain in a trusted forest.  

    How do I go about doing this?


    Matt Stack

    Wednesday, December 2, 2015 4:28 PM

Answers

  • When you use DirectorySearcher, make sure you pass option for ReferralChasing property to ReferralChasingOption.All or External so that it'll also search on other trusted forests.

    If it does not work, make sure you can see members of other forests in Global Address List in order to ensure your domain is successful access to their global catalog.


    • Edited by cheong00Editor Thursday, December 3, 2015 1:51 AM
    • Marked as answer by witzer Friday, December 4, 2015 7:11 PM
    Thursday, December 3, 2015 1:39 AM
    Answerer

All replies

  • When you use DirectorySearcher, make sure you pass option for ReferralChasing property to ReferralChasingOption.All or External so that it'll also search on other trusted forests.

    If it does not work, make sure you can see members of other forests in Global Address List in order to ensure your domain is successful access to their global catalog.


    • Edited by cheong00Editor Thursday, December 3, 2015 1:51 AM
    • Marked as answer by witzer Friday, December 4, 2015 7:11 PM
    Thursday, December 3, 2015 1:39 AM
    Answerer
  • Using ReferralChasingOption.All was the key.  Thank you!! 

    Matt Stack

    Friday, December 4, 2015 7:11 PM