Multiple Active Directory Domains

I have an application which is using Active Directory to authenticate users.

The company I work for has multiple domains (2 right now) in a single forest.

Users are nested by universal groups.

The application can't query users from across either domain

What do you have to do to AD so you can read across the domain?

For example:

We have a forest called "MAIN"
We have a Domain called "DOMAINA" and a Domain called "DOMAINB"
Each Domain is within "MAIN".
We have a Universal Group in DomainA which holds user objects from both Domains. But users in DomainB cannot query DomainA for a result set of group membership.

Our application queries an LDAP string and compares the findings with the users' memberOf attribute, but fails across domains....

What do we have to do to allow users from both DomainA and DomainB to share the same LDAP path?


For some reason, if a user is a part of DOMAINA, and DOMAINA has rights to DOMAINB

This sounds like you might have a problem with your global catalog(s) and/or infrastructure master.

First of all, when you do an LDAP query that fails, are you querying a global catalog?  I'm not sure, but I think you might need to direct the query to a global catalog when multiple domains are involved.

Second, is your infrastructure master role on a global catalog server?  Normally, it should *not* be on a GC, although there are some exceptions.  
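The two checks in the answer above, written out as an added PowerShell example (not from this thread). It assumes the RSAT ActiveDirectory module, that DOMAINA and DOMAINB sit under the forest root tree, and uses the user name `jdoe` as a constructed placeholder:

```powershell
# Added example, not from the thread. Assumes the RSAT ActiveDirectory module
# and an account allowed to read the forest.
Import-Module ActiveDirectory

$forest = Get-ADForest
$gcList = $forest.GlobalCatalogs          # FQDNs of every global catalog in the forest

# Check 2 from the answer: is any domain's infrastructure master also a GC?
# In a domain with more than one DC, an infrastructure master that is also a GC
# never updates cross-domain group membership references, so memberOf goes stale.
foreach ($name in $forest.Domains) {
    $dom     = Get-ADDomain -Identity $name
    $dcCount = @(Get-ADDomainController -Filter * -Server $name).Count
    [pscustomobject]@{
        Domain               = $name
        InfrastructureMaster = $dom.InfrastructureMaster
        ImIsGlobalCatalog    = $gcList -contains $dom.InfrastructureMaster
        DomainControllers    = $dcCount   # a lone DC that is both IM and GC is fine
    }
}

# Check 1 from the answer: send the membership query to a GC (port 3268) with the
# forest root as the search base. A GC holds a partial replica of every domain and
# full membership for universal groups, so memberOf here spans both domains.
# A domain controller's normal LDAP port (389) only answers for its own partition.
# Assumption: both domains are children of the root tree, so a subtree search from
# the root DN covers them.
$gc     = ($gcList | Select-Object -First 1) + ':3268'
$rootDN = (Get-ADDomain -Identity $forest.RootDomain).DistinguishedName
$user   = 'jdoe'                          # constructed placeholder

Get-ADUser -Server $gc -SearchBase $rootDN -SearchScope Subtree `
    -Filter "sAMAccountName -eq '$user'" -Properties memberOf |
    Select-Object -ExpandProperty memberOf
```

If the first loop prints a domain whose infrastructure master is a GC while the domain has more than one DC, move the role with `Move-ADDirectoryServerOperationMasterRole` before trusting memberOf results from port 389.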

