Cross-Forests LDAP Connection string

  • Question

  • User-1778886131 posted


    Is it possible to have an LDAP connection string that searches across forests?

    If I have 2 forests: forest A with domain A, forest B with domain B, there is a one-way trust between domain A and domain B.

    Domain B is the trusted domain, domain A is the trusting domain.

    Can I write an LDAP connection string that binds to domain A but is able to forward user searches to domain B?

    eg: LDAP://domainA - forward searches to domain B if authenticating with domain B users or LDAP://domainA/DC=domainB

    Sunday, August 26, 2012 11:38 PM

All replies

  • User633205417 posted

    Here is your solution

    using System.DirectoryServices;

    string ldapBase = "LDAP://DC_DNS_NAME:389/";
    string sFromWhere = ldapBase + "rootDSE";
    // Bind to rootDSE to discover the forest's configuration naming context.
    DirectoryEntry root = new DirectoryEntry(sFromWhere, "AdminLogin", "PWD");
    string configurationNamingContext = root.Properties["configurationNamingContext"][0].ToString();
    /* Retrieving the root of all the domains */
    sFromWhere = ldapBase + configurationNamingContext;
    DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "AdminLogin", "PWD");
    DirectorySearcher dsLookForDomain = new DirectorySearcher(deBase);
    // crossRef objects that carry a NetBIOS name correspond to domains.
    dsLookForDomain.Filter = "(&(objectClass=crossRef)(nETBIOSName=*))";
    dsLookForDomain.SearchScope = SearchScope.Subtree;
    SearchResultCollection srcDomains = dsLookForDomain.FindAll();
    foreach (SearchResult aSRDomain in srcDomains)
    {
        // One crossRef entry per domain: run the per-domain lookup here.
    }

    Then foreach domain, you can look for what you need.

    Wednesday, September 26, 2012 9:39 AM
  • User-1778886131 posted

    Thank You! I used the following to do authentication:


        DirectoryEntry root = new DirectoryEntry(
            | AuthenticationTypes.FastBind
                object tmp = root.NativeObject;
                return true;

    It works ok - What do you reckon about the approach above?



    Wednesday, September 26, 2012 10:11 PM
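
A completed form of the bind-based credential check discussed in the last post, as an added example that is not the poster's code. The class and method names, the placeholder host in the comment, and the choice of Secure, Signing and Sealing alongside FastBind are assumptions, since the arguments in the post are cut off.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class LdapBindCheck
{
    // HRESULT for ERROR_LOGON_FAILURE (unknown user name or bad password).
    const int LogonFailure = unchecked((int)0x8007052E);

    // Returns true only if the directory accepts the credentials.
    // ldapPath is a placeholder such as "LDAP://dc.domainB.example" (hypothetical host).
    public static bool Authenticate(string ldapPath, string userName, string password)
    {
        // LDAP treats a simple bind with an empty password as an unauthenticated
        // bind that may succeed, so reject empty credentials whatever the bind type.
        if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrEmpty(password))
            return false;

        // Secure negotiates Kerberos/NTLM instead of a clear-text simple bind,
        // Signing and Sealing protect the session on port 389, and FastBind
        // skips the extra objectClass lookup, as in the post above.
        const AuthenticationTypes authTypes =
            AuthenticationTypes.Secure | AuthenticationTypes.Signing |
            AuthenticationTypes.Sealing | AuthenticationTypes.FastBind;

        try
        {
            using (var entry = new DirectoryEntry(ldapPath, userName, password, authTypes))
            {
                // Reading NativeObject forces the bind to happen now.
                object native = entry.NativeObject;
                return native != null;
            }
        }
        catch (COMException ex) when (ex.ErrorCode == LogonFailure)
        {
            return false; // wrong user name or password
        }
        // Any other failure (DC unreachable, malformed path) propagates to the
        // caller, so an outage is never reported as a logon result.
    }
}
```

Only the logon-failure HRESULT is mapped to `false`; callers should log other exceptions separately so directory outages are distinguishable from rejected credentials.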