LDAP user lookup from child domain only returns results from parent domain

Posted on 2012-09-20
Last Modified: 2012-10-17
Hi all,

I have a parent domain called company.local which has two Windows 2008 R2 Server Standard Domain Controllers in it ( and

I have a child domain called, which also has two Windows Domain Controllers in ( [Windows Server 2008 Standard] and [Windows Server 2008 R2 Standard])

I am trying to get a piece of software running that uses LDAP for authentication. It works fine for users in the company.local domain but not for any users in the domain, so I am trying to troubleshoot this.

If I go into any of the four DCs and run the command

dsquery user -name Li*

I get results for Liz (who is in the company.local domain) but none for Linda (who is in the domain)

1) Should I be expecting this query to return results from the child domain as well as the parent domain, or does LDAP not work like that?

2) If I should be expecting Linda (in to be returned by my dsquery, then can anyone offer me any advice on what I can do to fix this problem?

Thank you for reading.
Question by:dr_dudd
    LVL 39

    Accepted Solution

    For that you need to specify the domain in which you want to run the query. By default the current domain is searched. Please try this code:
    dsquery user "dc=child,dc=domain,dc=local" -name Li* | dsget user -samid -fn -ln -display


    LVL 2

    Author Comment

    Thanks, iSiek, this worked for dsquery.

    Is there a way to set a configuration option to make such lookups also traverse the child domain by default? This software application I am trying to get to use AD authentication only allows me to point it at a server that has a Global Catalog, and by default only users on the parent domain can get AD authentication to work; users in the child domain are not recognised.
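
The behaviour discussed in this thread, as an added example that is not part of the original posts: a small Python model of why `dsquery user -name Li*` returns only Liz and why passing the child domain's DN returns Linda. It is a simplified model with constructed data, not Active Directory code; the child domain name `child.company.local` and all function names are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed sample data: one naming context (domain partition) per domain.
# "child" is a hypothetical label; the thread does not give the child domain's name.
PARTITIONS = {
    "dc=company,dc=local": [
        {"cn": "Liz", "dn": "cn=Liz,cn=Users,dc=company,dc=local"},
    ],
    "dc=child,dc=company,dc=local": [
        {"cn": "Linda", "dn": "cn=Linda,cn=Users,dc=child,dc=company,dc=local"},
    ],
}


def domain_to_dn(dns_name):
    """Turn a DNS domain name into a base DN: company.local -> dc=company,dc=local."""
    return ",".join("dc=" + label for label in dns_name.lower().split("."))


def owning_partition(dn):
    """Return the most specific naming context whose suffix contains this DN."""
    dn = dn.lower()
    matches = [nc for nc in PARTITIONS if dn == nc or dn.endswith("," + nc)]
    return max(matches, key=len) if matches else None


def search_users(name_pattern, current_domain, base_dn=None):
    """Model of `dsquery user [base] -name <pattern>`.

    With no base, the current domain is searched. The child's DN is textually
    below the parent's DN, but it lives in its own partition, so a search
    based at the parent never returns entries from the child.
    """
    base = (base_dn or domain_to_dn(current_domain)).lower()
    nc = owning_partition(base)
    if nc is None:
        raise ValueError("no such naming context: " + base)
    hits = []
    for entry in PARTITIONS[nc]:
        dn = entry["dn"].lower()
        in_subtree = dn == base or dn.endswith("," + base)
        if in_subtree and fnmatchcase(entry["cn"].lower(), name_pattern.lower()):
            hits.append(entry["cn"])
    return hits


if __name__ == "__main__":
    print(search_users("Li*", "company.local"))
    print(search_users("Li*", "company.local", domain_to_dn("child.company.local")))
```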
