Ldap – Cross domain LDAP

Tags: active-directory, cross-domain, ldap

For a system we are developing we have 2 domains, an internal and an external domain, with bi-directional trust between them. However, the servers are only able to connect to their own DCs.

We have an application server on the internal domain which needs to use an LDAP query to gather a list of users from a group on the external domain. How do I go about writing an LDAP query that asks one DC to go ask another DC for a list of users?

I tried querying the internal DC with the same LDAP query I would use if it could hit the external DC directly, but this does not work. When I use Softerra LDAP Administrator I can view the full hierarchy of the internal domain, but despite the trust relationship between domains I am unable to see any of the external domain.

Any suggestions or help would be greatly appreciated.

Best Answer

You need to use LDAP referrals.

https://www.rfc-editor.org/rfc/rfc4511#section-4.1.10

These can be configured within Active Directory using crossRef objects.

See:

http://support.microsoft.com/kb/241737

technet.microsoft.com/en-us/library/cc978014.aspx
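As an added illustration of the referral approach described in the answer (example code, not from the original question, answer or any linked article): the client binds to the internal DC, asks for the external domain's naming context, and is configured to follow the referral the internal DC returns from its crossRef objects. The DC name `dc01.internal.example`, the naming context `DC=external,DC=example` and the group name `External Users` are placeholders. It assumes the application server can itself reach a DC of the external domain, because referrals are followed by the client, not proxied by the DC.

```powershell
# Added example: read the members of a group in the external domain by
# querying the internal DC and letting the client chase the LDAP referral.
Add-Type -AssemblyName System.DirectoryServices

$internalDc   = 'dc01.internal.example'      # assumed: a DC of the internal domain
$externalBase = 'DC=external,DC=example'     # assumed: external domain naming context
$groupName    = 'External Users'             # assumed: group in the external domain

# Bind to the internal DC but use the external domain's naming context as the
# search base. The internal DC does not hold that partition, so it answers with
# a referral (derived from its crossRef objects) to a DC of the external domain.
$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$internalDc/$externalBase")

$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter      = "(&(objectClass=group)(cn=$groupName))"
$searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
[void]$searcher.PropertiesToLoad.Add('member')

# ReferralChasing = All tells the client to follow referrals into other domains.
# The referred connection is opened by this client, so the application server
# must have network access to the external DC and a trust that permits the bind.
$searcher.ReferralChasing = [System.DirectoryServices.ReferralChasingOption]::All

$group = $searcher.FindOne()
if ($null -eq $group) {
    Write-Error "Group '$groupName' not found under $externalBase (check the referral/crossRef and connectivity to the external DC)"
    return
}

# Each 'member' value is the DN of a user (or nested group) in the external domain.
$group.Properties['member'] | ForEach-Object { $_ }
```

If the external domain is not part of the same forest, the internal DC only returns a useful referral once an external crossRef for that domain exists, which is what the linked Microsoft article covers.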