Last post Aug 09, 2013 02:36 AM by Steven Cheng - MSFT
Aug 01, 2013 11:39 AM|noobville
I am writing a custom .NET 4.0 solution that will replace a dependency my team has on DSML. Essentially I will have a WCF service that will be called with some criteria to search through Active Directory (AD) and return the values back to the component that called the service. The issue is I am not sure how to go about this through the use of LDAP. The only experience I have with LDAP is validating perhaps a user's credentials, but that was in the same domain. This case is different. So I guess one of my questions is if this is even practical? If it is, are there any examples available of doing a secure LDAP connection from one domain to another domain's AD? Are there any known "issues" I should be aware of before I start developing essentially?
Any help with this topic will be greatly appreciated!
Aug 05, 2013 03:35 PM|march11
Sounds like an enormous security headache unless at the very least the domains are fully trusted.
Aug 09, 2013 02:36 AM|Steven Cheng - MSFT
Regarding the cross-domain directory query/access scenario, I think the .NET DirectoryService programming part won't vary much from the single-domain scenario. However, you might need to make sure the two domains (your current domain and the target domain to query data) have a two-way trust relationship. Here are some web articles and threads discussing similar topics:
#Cross Forest LDAP Query and sub domains.
#Querying Groups and Users across multiple domains with LDAP in C# .NET
And I'd recommend you ask for more information about the AD configuration requirements for such a scenario in the Windows Server Directory Service forum:
Windows Server Directory Service forum
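
The scenario discussed in this thread, as an added example that is not part of any post above: a .NET 4.0 helper that binds to a domain controller in another domain over LDAPS (port 636) with `System.DirectoryServices.Protocols` and escapes the caller-supplied search value per RFC 4515, so criteria passed to the WCF service cannot change the filter. The class and method names, the `sAMAccountName`/`mail` attributes and all parameter values are assumptions chosen for illustration.

```csharp
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public static class CrossDomainLdap   // hypothetical helper name
{
    // RFC 4515 escaping: service callers control this value, so neutralise
    // the characters that have meaning inside an LDAP filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // server: FQDN of a DC in the target domain; it must match the name in
    // the DC's certificate, which must chain to a CA this machine trusts.
    public static List<string> FindMail(string server, string baseDn,
                                        NetworkCredential cred, string samAccountName)
    {
        var id = new LdapDirectoryIdentifier(server, 636);    // LDAPS port
        using (var conn = new LdapConnection(id, cred, AuthType.Negotiate))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;     // TLS before bind
            conn.Bind();                                      // LdapException on failure
            string filter = "(&(objectCategory=person)(sAMAccountName="
                            + EscapeFilterValue(samAccountName) + "))";
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "mail");
            var response = (SearchResponse)conn.SendRequest(request);
            var mails = new List<string>();
            foreach (SearchResultEntry entry in response.Entries)
            {
                if (!entry.Attributes.Contains("mail")) continue;  // attribute not set
                foreach (object v in entry.Attributes["mail"].GetValues(typeof(string)))
                    mails.Add((string)v);
            }
            return mails;
        }
    }
}
```

The project needs a reference to the `System.DirectoryServices.Protocols` assembly; without a trust between the domains, the `NetworkCredential` must be an account from the target domain.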