Sasikumar

Reputation: 25

How to find trusted domain groups using an LDAP query

I have one forest, demo.com. The forest contains two domains, first.demo.com and second.demo.com. I have several users in first.demo.com and created a group using that user. I then created another group in second.demo.com using a first.demo.com user. I want to get both groups using an LDAP query.

Upvotes: 1

Views: 2486

Answers (1)

Theo

Reputation: 61068

When you run an LDAP query, you query an LDAP partition, i.e. DC=first,DC=demo,DC=com. The partition DC=second,DC=demo,DC=com may be in the same forest, but it is hosted on another domain controller and is a specific partition.

The global catalog holds information for the whole forest, but as it contains all users and groups across the forest, some attributes are not recorded in it (to minimize its size).

If you query an attribute that is not in the global catalog, my suggestion is that you should script your LDAP query like this:

  • query the forest domain root to get the list of all domains in the forest

  • for each domain, run your LDAP query

Upvotes: 1
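
One way to script the two steps from the answer above with the ActiveDirectory PowerShell module, as an added example that is not part of the original answer. The account name `jdoe` and the helper `ConvertTo-LdapFilterValue` are hypothetical; the domain names are the ones from the question.

```powershell
# Added example: enumerate every domain in the forest and run the same
# LDAP filter against each one. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515),
# so a DN containing '(', ')', '*' or '\' cannot alter the filter.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

# Assumption: 'jdoe' is a constructed sample account in first.demo.com.
$user   = Get-ADUser -Identity 'jdoe' -Server 'first.demo.com'
$filter = '(member={0})' -f (ConvertTo-LdapFilterValue $user.DistinguishedName)

# Step 1: ask the forest root for the list of all domains in the forest.
$forest = Get-ADForest -Server 'demo.com'

# Step 2: run the query against each domain partition in turn.
$groups = foreach ($domain in $forest.Domains) {
    try {
        Get-ADGroup -LDAPFilter $filter -Server $domain -ErrorAction Stop |
            Select-Object @{ Name = 'Domain'; Expression = { $domain } },
                          Name, GroupScope, DistinguishedName
    }
    catch {
        # An unreachable domain is reported instead of silently skipped,
        # so a partial result is never mistaken for a complete one.
        Write-Warning "Query against $domain failed: $($_.Exception.Message)"
    }
}

$groups | Sort-Object Domain, Name | Format-Table -AutoSize
```

The filter matches direct membership only; groups that contain the user through a nested group are not returned.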
