?
Solved

LDAP queries over trust

Posted on 2014-04-04
8
Medium Priority
?
346 Views
Last Modified: 2014-04-25
Hi

We have a trust between Domain A and Domain B in place and now we want to let a memberserver (MS SQL) in Domain A do ldap queries on the DC in Domain B.

The servers are Windows Server 2008 R2 sp1.

It appears that it's not enough with the trust, we also (i think) need to open some ports between the memberserver and Domain B.

Is this correct and if so, which ports are needed?

Regards
Kasper
0
Comment
Question by:Kasper Katzmann
  • 4
  • 3
8 Comments
 
LVL 24

Expert Comment

by:Radhakrishnan R
ID: 39977581
Hi,

Why you are thinking that the trust is not working properly? are you not able to manage/access resources across?

Port 389 should be open for LDAP. I believe it should be open bydefault.
0
 

Author Comment

by:Kasper Katzmann
ID: 39977603
The trust works fine. It validates as supposed.
But it isn't enough with the trust, if I want a member server to be able to do ldap queries on Domain B. ...i think.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39977969
What error you are getting ?

Try querying opposite AD with there domain FQDN...

Also open TCP 389, 636, 3268 and 3269 from SQL server to opposite domain DCs

Then check if its work
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:Kasper Katzmann
ID: 39990778
I just get a timeout when testing.
The mentioned ports are open in the firewall and packets are getting through on port 389 and 3268, but still no success.

When I test, I try to set NTFS permissions on a folder on the memberserver in domain a. I can see the remote domain when selecting Location, but when I try to search for a user in the remote domain, it just times out.

I have disabled the Windows firewalls on both servers.
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39991059
Check below article for port requirement between both domain controller
http://support.microsoft.com/kb/179442

Also download PortQueryUI tool from Microsoft to find out if any port is blocked

Mahesh.
0
 

Author Comment

by:Kasper Katzmann
ID: 39991069
Those ports are open (the trust is fully validated).
I give PortQueryUI a shot.
0
 

Author Comment

by:Kasper Katzmann
ID: 39991212
Do you know if there is a PortQuery tool for Server 2008 and 2012?
I guess that it will work as intended on those as well, but the owner of the member server will not use when it isn't made for the newer versions.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39991223
The existing PortQueryUI (GUI Tool) should work on 2008 and 2012  \ 2012 R2 as well

I have used it successfully on 2008 R12 servers, it should work for 2012 as well
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question