hscanlan
asked on
Multiple Active Directory Domains
I have an application which is using Active Directory to authenticate users.
The company I work for has Multiple domains (2 right now) in a single forest
Users are nested by universal groups.
The application can't query users from across either domain
What do you have to do to AD so you can read across the domain?
For example:
We have a forest called "MAIN"
We have a Domain called "DOMAINA" and a Domain called "DOMAINB"
Each Domain is within "MAIN".
We have an Universal Group in DomianA which holds user objects from both Domains. But users in DomainB cannot query DomainA for a result set of group membership
our application querys an LDAP string and compairs that findings with users memberOF attribute, but fails accross domains....
what do we have to do to allow users from both domainA and domainB share the same LDAP path
example:
CN=MyGroup,OU=Groups,DC=Do mainA,DC=C OM
For some reasons, if a user is apart of DOMAINA, and DOMAINA has rights to DOMAINB
The company I work for has Multiple domains (2 right now) in a single forest
Users are nested by universal groups.
The application can't query users from across either domain
What do you have to do to AD so you can read across the domain?
For example:
We have a forest called "MAIN"
We have a Domain called "DOMAINA" and a Domain called "DOMAINB"
Each Domain is within "MAIN".
We have an Universal Group in DomianA which holds user objects from both Domains. But users in DomainB cannot query DomainA for a result set of group membership
our application querys an LDAP string and compairs that findings with users memberOF attribute, but fails accross domains....
what do we have to do to allow users from both domainA and domainB share the same LDAP path
example:
CN=MyGroup,OU=Groups,DC=Do
For some reasons, if a user is apart of DOMAINA, and DOMAINA has rights to DOMAINB
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.