Jack

Reputation: 181

How to write a Cross Forest LDAP Query in C#?

I'm trying to write an efficient LDAP Query that returns results from another Forest/Domain. There is not a two-way trust in place. There are not conditional forwarders in place. What I do have is a verified network connection, an IP address and a service account and password to use.

This is the basic LDAP code I usually use.

        using System.DirectoryServices;

        // qry and columns were not shown in the original; these are example values
        string qry = "(&(objectClass=user)(sAMAccountName=jdoe))";
        string[] columns = { "distinguishedName", "mail" };
        DirectoryEntry deParent = new DirectoryEntry("LDAPS://000.0.000.00/DC=bob,DC=earl,DC=john,DC=whatever");
        deParent.Username = "Domain\\UserName";
        deParent.Password = "Password";
        deParent.AuthenticationType = AuthenticationTypes.Secure;
        DirectorySearcher ds = new DirectorySearcher(deParent, qry, columns, SearchScope.Subtree);

I know this is a little broad spectrum, but there's a lot of conflicting information out there. So.

  1. Is a trust REQUIRED to perform a cross forest query? Query only, no login except for the service account.
  2. Will a basic DirectoryEntry call like above work?
  3. Can anyone please provide an example of a working cross forest query in c#?

Upvotes: 0

Views: 3721

Answers (2)

Jack

Reputation: 181

1. Is a trust REQUIRED to perform a cross forest query? Query only, no login except for the service account.

No, a trust isn't required to perform a cross forest query.

2. Will a basic DirectoryEntry call like above work? Not even a little bit. The standard DirectoryEntry method would/might work if appropriate trusts were involved.

3. Can anyone please provide an example of a working cross forest query in c#? This Method works.

And This has more information.

And just in case, if you don't have a DNS entry for the forest's FQDN, just update your HOSTS file to point it in the right place.

And even more information. If your Search Request is extremely slow (~48-60 seconds), be sure to turn referral chasing OFF!

    connection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;

Upvotes: 1
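As an added, stand-alone illustration of the approach this answer describes (this is not the method the answer links to and not the question's original code): a query against a foreign forest with System.DirectoryServices.Protocols, explicit service-account credentials, LDAPS by host name so the server certificate validates, and referral chasing turned off. The host name, port, base DN, account and filter are constructed placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

class CrossForestQuery
{
    static void Main()
    {
        // Constructed values: use the DC's DNS name (via DNS or a HOSTS entry), not its IP,
        // so the name matches the LDAPS certificate and validation is not weakened.
        const string dcHost = "dc01.corp.example.com";
        const int ldapsPort = 636;
        var cred = new NetworkCredential("svc_ldapquery", "REPLACE_ME", "CORP"); // placeholder

        var server = new LdapDirectoryIdentifier(dcHost, ldapsPort,
            fullyQualifiedDnsHostName: true, connectionless: false);

        // Basic (simple) bind sends the password inside the TLS tunnel only, so
        // SecureSocketLayer must be on before Bind().
        using (var connection = new LdapConnection(server, cred, AuthType.Basic))
        {
            connection.SessionOptions.SecureSocketLayer = true;
            connection.SessionOptions.ProtocolVersion = 3;
            // Without a trust there is no DC to chase referrals to; leaving chasing on
            // is what produces the very slow (~48-60 s) searches mentioned above.
            connection.SessionOptions.ReferralChasing = ReferralChasingOptions.None;
            connection.Bind();

            var request = new SearchRequest(
                "DC=corp,DC=example,DC=com",   // assumed naming context of the foreign forest
                "(&(objectCategory=person)(objectClass=user)(sAMAccountName=jdoe))",
                SearchScope.Subtree,
                "distinguishedName", "mail");
            request.SizeLimit = 100;           // keep the service account's reads bounded

            var response = (SearchResponse)connection.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
            {
                Console.WriteLine(entry.DistinguishedName);
            }
        }
    }
}
```

If the DC's certificate is not issued by a CA the client trusts, install that CA rather than overriding SessionOptions.VerifyServerCertificate to accept everything, since an unconditional callback would let any host impersonate the DC and capture the service account's password.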

Brian Desmond

Reputation: 4503

So is there an error? Your combination of LDAPS and an IP is likely a problem as the certificate won't be valid. I'd expect also in this case that your AuthN type should be Basic instead.

Upvotes: 0
