Multiple Active Directory Domains

Posted on 2005-04-19
Last Modified: 2013-12-04
I have an application which is using Active Directory to authenticate users.

The company I work for has Multiple domains (2 right now) in a single forest

Users are nested by universal groups.

The application can't query users from across either domain

What do you have to do to AD so you can read across the domain?

For example:

We have a forest called "MAIN"
We have a Domain called "DOMAINA" and a Domain called "DOMAINB"
Each Domain is within "MAIN".
We have a Universal Group in DomainA which holds user objects from both Domains. But users in DomainB cannot query DomainA for a result set of group membership.

Our application queries an LDAP string and compares the findings with the user's memberOf attribute, but fails across domains....

What do we have to do to allow users from both DomainA and DomainB to share the same LDAP path?


For some reason, if a user is a part of DOMAINA, and DOMAINA has rights to DOMAINB

Question by:hscanlan

    Accepted Solution

    This sounds like you might have a problem with your global catalog(s) and/or infrastructure master.

    First of all, when you do an LDAP query that fails, are you querying a global catalog?  I'm not sure, but I think you might need to direct the query to a global catalog when multiple domains are involved.

    Second, is your infrastructure master role on a global catalog server?  Normally, it should *not* be on a GC, although there are some exceptions.  
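The answer's first suggestion, directing the membership query at a global catalog, shown as an added example that is not part of the original thread. It assumes a domain-joined Windows host run by a forest user; the UPN and group DN in the usage line are hypothetical placeholders, and the check covers direct membership only.

```powershell
# Added example: check universal-group membership through a global catalog
# instead of a single domain's LDAP partition.
Add-Type -AssemblyName System.DirectoryServices

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping, so a user-supplied name cannot alter the filter.
    # Backslash must be escaped first.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Test-ForestGroupMember {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,  # forest-unique, unlike sAMAccountName
        [Parameter(Mandatory)][string]$GroupDn
    )
    # Locate any global catalog in the current forest. Its searcher is rooted
    # at the GC itself, so the subtree search spans every domain in the forest.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $gc = $forest.FindGlobalCatalog()
    $searcher = $gc.GetDirectorySearcher()
    try {
        $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
        $searcher.Filter = '(&(objectCategory=person)(objectClass=user)' +
            '(userPrincipalName={0})(memberOf={1}))' -f `
            (ConvertTo-LdapFilterValue $UserPrincipalName),
            (ConvertTo-LdapFilterValue $GroupDn)
        [void]$searcher.PropertiesToLoad.Add('distinguishedName')
        # A hit means the user is a direct member of the group.
        return ($null -ne $searcher.FindOne())
    }
    finally {
        $searcher.Dispose()
        $gc.Dispose()
        $forest.Dispose()
    }
}

# Hypothetical names for illustration only:
# Test-ForestGroupMember -UserPrincipalName 'jdoe@domainb.main.example' `
#     -GroupDn 'CN=AppUsers,OU=Groups,DC=domaina,DC=main,DC=example'
```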

