Solved

LDAP queries over trust

Posted on 2014-04-04
8
327 Views
Last Modified: 2014-04-25
Hi

We have a trust between Domain A and Domain B in place and now we want to let a memberserver (MS SQL) in Domain A do ldap queries on the DC in Domain B.

The servers are Windows Server 2008 R2 sp1.

It appears that it's not enough with the trust, we also (i think) need to open some ports between the memberserver and Domain B.

Is this correct and if so, which ports are needed?

Regards
Kasper
0
Comment
Question by:Kasper Katzmann
  • 4
  • 3
8 Comments
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
ID: 39977581
Hi,

Why you are thinking that the trust is not working properly? are you not able to manage/access resources across?

Port 389 should be open for LDAP. I believe it should be open bydefault.
0
 

Author Comment

by:Kasper Katzmann
ID: 39977603
The trust works fine. It validates as supposed.
But it isn't enough with the trust, if I want a member server to be able to do ldap queries on Domain B. ...i think.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39977969
What error you are getting ?

Try querying opposite AD with there domain FQDN...

Also open TCP 389, 636, 3268 and 3269 from SQL server to opposite domain DCs

Then check if its work
0
 

Author Comment

by:Kasper Katzmann
ID: 39990778
I just get a timeout when testing.
The mentioned ports are open in the firewall and packets are getting through on port 389 and 3268, but still no success.

When I test, I try to set NTFS permissions on a folder on the memberserver in domain a. I can see the remote domain when selecting Location, but when I try to search for a user in the remote domain, it just times out.

I have disabled the Windows firewalls on both servers.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39991059
Check below article for port requirement between both domain controller
http://support.microsoft.com/kb/179442

Also download PortQueryUI tool from Microsoft to find out if any port is blocked

Mahesh.
0
 

Author Comment

by:Kasper Katzmann
ID: 39991069
Those ports are open (the trust is fully validated).
I give PortQueryUI a shot.
0
 

Author Comment

by:Kasper Katzmann
ID: 39991212
Do you know if there is a PortQuery tool for Server 2008 and 2012?
I guess that it will work as intended on those as well, but the owner of the member server will not use when it isn't made for the newer versions.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39991223
The existing PortQueryUI (GUI Tool) should work on 2008 and 2012  \ 2012 R2 as well

I have used it successfully on 2008 R12 servers, it should work for 2012 as well
0

Join & Write a Comment

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now