Connecting to Active Directory from Outside Domain

I need to create a Crystal Report that will access Active Directory but will run on a machine outside of the domain.  The machine resides in a different domain but within the same LAN as the target domain.

When I try to set the ADSI connection, I get the "table does not exist" error in response to the LDAP query.  Therefore, I assume that I am not authenticating and establishing the connection to ADSI.  I can't use integrated authentication since the machine is not logged into that domain.  I am providing a user that has sufficient rights and the user's password in the connection setup in the report.  I've tried the target computer's IP address as well as the fully qualified name for the connection's data source parameter, both of which result in the same error message.  I am also passing the qualified name of the user as well.

I assume I could set up a trust between the domains so that I could use integrated authentication, although I haven't tested that.  However, doing so will create more security and auditing issues that I want to avoid, especially since this isn't the only domain against which I'll have to report.  The best scenario would be getting the connection set properly from within the report so that it can be scheduled on CR Server.
TheTennManAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
TheTennManConnect With a Mentor Author Commented:
I was finally able to connect to Active Directory from Crystal Reports from outside the domain.  The issue appears to be the way Crystal Reports submits the user name for authentication if you aren't using integrated authentication.  I was supplying the qualified user name as "domain.com/user" without success.  I also had tried "user@domain.com" as an althernative with the same results.  Finally, I tried the NetBIOS name for the domain with the user name ("NetBIOS domain/user") and successfully retrieved the data with the LDAP query.

I apologize for the delay in being able to get back to test this.  I'll be happy to split the points between the two of you since you tried to help by addressing the Microsoft side of the issue.  However, the solution resided within Crystal Reports, and I wanted to document it properly.
0
 
canaliConnect With a Mentor Commented:
try the following command before run Cristal Report script:
net use \\remotePCinAD\ipc$ /user:YOUR_AD_DOMAIN\yourADuser
now you have am authenticated session with the rmote pc

Bye Gas
0
 
zephyr_hex (Megan)Connect With a Mentor DeveloperCommented:
a couple of notes here..
first, can you ping the DC from the command line by IP and name?  if not, then your issue is with network communication.
if you can ping by both, then try to access a domain share.  when you access the share, pay attention to whether or not it asks for credentials.  the post given by canali above will make the non-domain computer "learn" the domain credentials.  however, if the non-domain computer reboots, it will have to "learn" the credentials again.
another possibility is to create a share to the domain database that allows Everyone access.
0
 
TheTennManAuthor Commented:
No network issues here.  Pinging the target computer by IP and name is not a problem.  Also, the shares on the target computer are accessible by supplying the proper domain credentials.
0
All Courses

From novice to tech pro — start learning today.