LDAP queries over trust


We have a trust between Domain A and Domain B in place and now we want to let a member server (MS SQL) in Domain A do LDAP queries on the DC in Domain B.

The servers are Windows Server 2008 R2 sp1.

It appears that the trust alone isn't enough; we also (I think) need to open some ports between the member server and Domain B.

Is this correct and if so, which ports are needed?

Kasper Katzmann (Senior Consultant) asked:

Mahesh (Architect) commented:
Check the article below for the port requirements between both domain controllers.

Also download the PortQryUI tool from Microsoft to find out if any port is blocked.

Radhakrishnan R (Senior Technical Lead) commented:

Why do you think the trust is not working properly? Are you not able to manage/access resources across it?

Port 389 should be open for LDAP. I believe it is open by default.

Kasper Katzmann (Senior Consultant, author) commented:
The trust works fine. It validates as expected.
But the trust isn't enough if I want a member server to be able to do LDAP queries on Domain B. ...I think.

What error are you getting?

Try querying the opposite AD with its domain FQDN...

Also open TCP 389, 636, 3268 and 3269 from the SQL server to the opposite domain's DCs.

Then check if it works.
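As an added example (not from the thread or from any of the posters), this PowerShell script does the check suggested above from the SQL member server in Domain A: it tests a TCP connect to each of the four named ports on every Domain B DC, then runs one real query against the remote global catalog, because a port that accepts a TCP handshake can still fail at the LDAP layer. The DC names and base DN are assumed placeholders; it uses TcpClient rather than Test-NetConnection so it also runs on the PowerShell 2.0 shipped with 2008 R2.

```powershell
# Added example: port and LDAP reachability check from a Domain A member server to Domain B DCs.
# The DC host names and base DN below are assumed placeholders; replace them with your own.
$remoteDcs  = @('dc1.domainb.example', 'dc2.domainb.example')   # assumed Domain B DCs
$remoteBase = 'DC=domainb,DC=example'                            # assumed Domain B base DN
$ports      = @{ 389 = 'LDAP'; 636 = 'LDAPS'; 3268 = 'GC'; 3269 = 'GC-SSL' }

function Test-TcpPort {
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # BeginConnect plus a bounded wait: a silently dropped packet shows up as a timeout,
        # which matches the symptom in the thread, instead of hanging the script.
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    } catch { return $false } finally { $client.Close() }
}

foreach ($dc in $remoteDcs) {
    foreach ($p in ($ports.Keys | Sort-Object)) {
        $ok = Test-TcpPort -Server $dc -Port $p
        '{0,-28} {1,5} ({2,-6}) : {3}' -f $dc, $p, $ports[$p], $(if ($ok) { 'open' } else { 'BLOCKED/timeout' })
    }
}

# A successful handshake is not a successful query: run one small LDAP search against the
# global catalog of the first remote DC, using the credentials of the account running the script.
try {
    $root     = New-Object System.DirectoryServices.DirectoryEntry("GC://$($remoteDcs[0])/$remoteBase")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter    = '(&(objectCategory=person)(objectClass=user))'
    $searcher.SizeLimit = 5
    $null = $searcher.PropertiesToLoad.Add('sAMAccountName')
    $hits = $searcher.FindAll()
    'GC query on {0} returned {1} user(s)' -f $remoteDcs[0], $hits.Count
    $hits.Dispose()
} catch {
    'GC query on {0} failed: {1}' -f $remoteDcs[0], $_.Exception.Message
}
```

Run it as the account that will perform the queries (or the SQL service account), since a port result of "open" together with a failed GC query points at name resolution or authentication rather than the firewall.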
Kasper Katzmann (Senior Consultant, author) commented:
I just get a timeout when testing.
The mentioned ports are open in the firewall and packets are getting through on ports 389 and 3268, but still no success.

When I test, I try to set NTFS permissions on a folder on the member server in Domain A. I can see the remote domain when selecting Location, but when I try to search for a user in the remote domain, it just times out.

I have disabled the Windows firewalls on both servers.

Kasper Katzmann (Senior Consultant, author) commented:
Those ports are open (the trust is fully validated).
I'll give PortQryUI a shot.

Kasper Katzmann (Senior Consultant, author) commented:
Do you know if there is a PortQry tool for Server 2008 and 2012?
I guess that it will work as intended on those as well, but the owner of the member server will not use it when it isn't made for the newer versions.

The existing PortQryUI (GUI tool) should work on 2008 and 2012 / 2012 R2 as well.

I have used it successfully on 2008 R2 servers; it should work for 2012 as well.