Solved

LDAP queries over trust

Posted on 2014-04-04
8
333 Views
Last Modified: 2014-04-25
Hi

We have a trust between Domain A and Domain B in place and now we want to let a memberserver (MS SQL) in Domain A do ldap queries on the DC in Domain B.

The servers are Windows Server 2008 R2 sp1.

It appears that it's not enough with the trust, we also (i think) need to open some ports between the memberserver and Domain B.

Is this correct and if so, which ports are needed?

Regards
Kasper
0
Comment
Question by:Kasper Katzmann
  • 4
  • 3
8 Comments
 
LVL 21

Expert Comment

by:RK
ID: 39977581
Hi,

Why you are thinking that the trust is not working properly? are you not able to manage/access resources across?

Port 389 should be open for LDAP. I believe it should be open bydefault.
0
 

Author Comment

by:Kasper Katzmann
ID: 39977603
The trust works fine. It validates as supposed.
But it isn't enough with the trust, if I want a member server to be able to do ldap queries on Domain B. ...i think.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39977969
What error you are getting ?

Try querying opposite AD with there domain FQDN...

Also open TCP 389, 636, 3268 and 3269 from SQL server to opposite domain DCs

Then check if its work
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:Kasper Katzmann
ID: 39990778
I just get a timeout when testing.
The mentioned ports are open in the firewall and packets are getting through on port 389 and 3268, but still no success.

When I test, I try to set NTFS permissions on a folder on the memberserver in domain a. I can see the remote domain when selecting Location, but when I try to search for a user in the remote domain, it just times out.

I have disabled the Windows firewalls on both servers.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39991059
Check below article for port requirement between both domain controller
http://support.microsoft.com/kb/179442

Also download PortQueryUI tool from Microsoft to find out if any port is blocked

Mahesh.
0
 

Author Comment

by:Kasper Katzmann
ID: 39991069
Those ports are open (the trust is fully validated).
I give PortQueryUI a shot.
0
 

Author Comment

by:Kasper Katzmann
ID: 39991212
Do you know if there is a PortQuery tool for Server 2008 and 2012?
I guess that it will work as intended on those as well, but the owner of the member server will not use when it isn't made for the newer versions.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39991223
The existing PortQueryUI (GUI Tool) should work on 2008 and 2012  \ 2012 R2 as well

I have used it successfully on 2008 R12 servers, it should work for 2012 as well
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question