LDAP simple bind to cross-forest Active Directory with 2-way trust

active-directory trust-relationship

I have two forests (example.local and accounting.local) that have a 2-way trust established. On accounting, I can bind using accounting\bind. However, it fails from example.local:

ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580

I also have a child domain for example.local and I can bind using the credentials from the child on example.local. Tried various forms of naming, baseDN, global vs dc. Thanks much.

Best Answer

I tried it here and had the same result. According to the Microsoft documentation for ldap_simple_bind:

The ldap_simple_bind function is designed to bind to the local domain. The function cannot be used for cross forest authentication.

You will need to use a different (synchronous) bind method to cross forests. See the ldap_bind_s docs for more details.
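The diagnostic string quoted in the question can be decoded mechanically. The following is an added example, not part of the original question or answer: it parses that output and maps the hex "data" field to its Win32 logon error (52e is ERROR_LOGON_FAILURE, 1326). The function name and the selection of codes in the table are this example's own.

```python
import re

# Win32 logon error codes that AD reports, in hex, in the "data" field.
WIN32_LOGON_ERRORS = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}

# Client-side result line, e.g. "ldap_bind: Invalid credentials (49)".
RESULT_RE = re.compile(r"ldap_bind: (?P<text>.+?) \((?P<code>\d+)\)")
# Server-side diagnostic message returned by the domain controller.
DIAG_RE = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v(?P<ver>[0-9A-Fa-f]+)"
)

def parse_bind_failure(output):
    """Return a dict describing a failed bind, or None if no AD diagnostic is present."""
    diag = DIAG_RE.search(output)
    if diag is None:
        return None
    result = RESULT_RE.search(output)
    data = int(diag["data"], 16)  # the sub-code is hexadecimal
    return {
        "ldap_result": int(result["code"]) if result else None,
        "sspi_status": diag["sspi"].upper(),
        "dsid": diag["dsid"],
        "comment": diag["comment"],
        "win32_code": data,
        "win32_name": WIN32_LOGON_ERRORS.get(data, "UNKNOWN"),
    }

# The error text quoted in the question above.
SAMPLE = (
    "ldap_bind: Invalid credentials (49)\n"
    "additional info: 80090308: LdapErr: DSID-0C09042F, comment: "
    "AcceptSecurityContext error, data 52e, v2580\n"
)

if __name__ == "__main__":
    print(parse_bind_failure(SAMPLE))
```

The sub-code separates a plain credential rejection (52e) from conditions such as a locked-out, disabled or expired account, which helps when triaging failed binds in logs.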
