Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

LDAP queries over trust

Posted on 2014-04-04
8
Medium Priority
?
343 Views
Last Modified: 2014-04-25
Hi

We have a trust between Domain A and Domain B in place and now we want to let a memberserver (MS SQL) in Domain A do ldap queries on the DC in Domain B.

The servers are Windows Server 2008 R2 sp1.

It appears that it's not enough with the trust, we also (i think) need to open some ports between the memberserver and Domain B.

Is this correct and if so, which ports are needed?

Regards
Kasper
0
Comment
Question by:Kasper Katzmann
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 23

Expert Comment

by:Radhakrishnan R
ID: 39977581
Hi,

Why you are thinking that the trust is not working properly? are you not able to manage/access resources across?

Port 389 should be open for LDAP. I believe it should be open bydefault.
0
 

Author Comment

by:Kasper Katzmann
ID: 39977603
The trust works fine. It validates as supposed.
But it isn't enough with the trust, if I want a member server to be able to do ldap queries on Domain B. ...i think.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39977969
What error you are getting ?

Try querying opposite AD with there domain FQDN...

Also open TCP 389, 636, 3268 and 3269 from SQL server to opposite domain DCs

Then check if its work
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:Kasper Katzmann
ID: 39990778
I just get a timeout when testing.
The mentioned ports are open in the firewall and packets are getting through on port 389 and 3268, but still no success.

When I test, I try to set NTFS permissions on a folder on the memberserver in domain a. I can see the remote domain when selecting Location, but when I try to search for a user in the remote domain, it just times out.

I have disabled the Windows firewalls on both servers.
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39991059
Check below article for port requirement between both domain controller
http://support.microsoft.com/kb/179442

Also download PortQueryUI tool from Microsoft to find out if any port is blocked

Mahesh.
0
 

Author Comment

by:Kasper Katzmann
ID: 39991069
Those ports are open (the trust is fully validated).
I give PortQueryUI a shot.
0
 

Author Comment

by:Kasper Katzmann
ID: 39991212
Do you know if there is a PortQuery tool for Server 2008 and 2012?
I guess that it will work as intended on those as well, but the owner of the member server will not use when it isn't made for the newer versions.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39991223
The existing PortQueryUI (GUI Tool) should work on 2008 and 2012  \ 2012 R2 as well

I have used it successfully on 2008 R12 servers, it should work for 2012 as well
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question