

LDAP user lookup from child domain only returns results from parent domain

Posted on 2012-09-20
Last Modified: 2012-10-17
Hi all,

I have a parent domain called company.local which has two Windows 2008 R2 Server Standard Domain Controllers in it (svr3.company.local and svr9.company.local)

I have a child domain called europe.company.local, which also has two Windows Domain Controllers in it (svr1.europe.company.local [Windows Server 2008 Standard] and svr6.europe.company.local [Windows Server 2008 R2 Standard])

I am trying to get a piece of software running that uses LDAP for authentication. It works fine for users in the company.local domain but not for any users in the europe.company.local domain, so I am trying to troubleshoot this.

If I go into any of the four DCs and run the command

dsquery user -name Li*

I get results for Liz (who is in the company.local domain) but none for Linda (who is in the europe.company.local domain)

1) Should I be expecting this query to return results from the child domain as well as the parent domain, or does LDAP not work like that?

2) If I should be expecting Linda (in europe.company.local) to be returned by my dsquery, then can anyone offer me any advice on what I can do to fix this problem?

Thank you for reading.
Question by:dr_dudd

Accepted Solution

Krzysztof Pytko earned 1500 total points
ID: 38417466
For that you need to specify the domain in which you want to run the query. By default, the current domain is searched. Please try this code:
dsquery user "dc=child,dc=domain,dc=local" -name Li* | dsget user -samid -fn -ln -display



Author Comment

ID: 38428252
Thanks, iSiek, this worked for dsquery.

Is there a way to set a configuration option to make such lookups also traverse the child domain by default? This software application I am trying to get to use AD authentication only allows me to point it at a server that has a Global Catalog, and by default only users on the parent domain can get AD authentication to work; users in the child domain are not recognised.
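
The scoping behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified Python model of why a subtree search on the standard LDAP port (389) stays inside one domain partition and returns referrals for child partitions, while the same search on the Global Catalog port (3268) spans the forest. The directory contents and all function names are constructed for illustration; no real directory is contacted.

```python
# Simplified model (constructed data) of how AD scopes a subtree search.
# Port 389: the DC answers only from the domain partition (naming context)
# that contains the base DN and returns referrals for subordinate partitions.
# Port 3268: the Global Catalog holds a partial replica of every domain
# partition in the forest, so one search covers parent and child domains.

LDAP_PORT, GC_PORT = 389, 3268

# Constructed sample forest: two domain partitions and two user objects.
PARTITIONS = ["dc=company,dc=local", "dc=europe,dc=company,dc=local"]
USERS = [
    ("Liz", "cn=Liz,cn=Users,dc=company,dc=local"),
    ("Linda", "cn=Linda,cn=Users,dc=europe,dc=company,dc=local"),
]

def domain_to_dn(dns_name):
    """europe.company.local -> dc=europe,dc=company,dc=local"""
    return ",".join("dc=" + label for label in dns_name.lower().split("."))

def is_under(dn, base):
    """True if dn equals base or sits below it in the tree."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def partition_of(dn):
    """Most specific (longest) partition whose root is an ancestor of dn."""
    return max((p for p in PARTITIONS if is_under(dn, p)), key=len)

def search(base_dns_name, name_prefix, port):
    """Return (matching names, referrals) for a subtree search at the base."""
    base = domain_to_dn(base_dns_name)
    prefix = name_prefix.lower()
    in_scope = [(n, dn) for n, dn in USERS
                if is_under(dn, base) and n.lower().startswith(prefix)]
    if port == GC_PORT:
        # GC: every domain partition below the base is searched directly.
        return [n for n, _ in in_scope], []
    home = partition_of(base)
    hits = [n for n, dn in in_scope if partition_of(dn) == home]
    # Subordinate partitions are not searched; the client gets referrals.
    referrals = [p for p in PARTITIONS if p != home and is_under(p, base)]
    return hits, referrals

if __name__ == "__main__":
    for port in (LDAP_PORT, GC_PORT):
        print(port, search("company.local", "Li", port))
```

A client that does not chase the referrals returned on port 389 sees only the parent-domain result, which matches the dsquery output described in the question.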
