Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

need help finding groups for a user from trusted domain

Status
Not open for further replies.
TravisLaborde

TravisLaborde

IS-IT--Management
Nov 4, 2002
84
US
In our network setup, we have users and groups on one domain and some groups on a separate trusted domain.

I need to find which groups a user is a member of. The "standard 5 lines of code" show me the groups that are on the same domain where the user exists, but not the groups from the trusted domain.

When I run the same query but specify the trusted domain in the CN=... it fails because the user does not exist in that domain.

Can anyone help me with this please?
 
Sort by date Sort by votes
The AD guys tell me the two domains have a trust relationship. And that when they manage the second domain, the can simply pull up a group and add members to it from the first domain.

So, we have something like: DOMAINTWO\GroupName

which contains users like: DOMAINONE\UserName


In my code I create a directory searcher with the CN pointing to DOMAINONE and looking up based on the username. I get the memberOf properties and see the groups. But the groups from the second domain are not listed.

If i change the CN to point to DOMAINTWO then the search returns no users.
 
Upvote 0 Downvote
Does the user that you are attempting this for in DomainTwo? Does the user account you are logged in as while attempting this have access to DomainTwo?

I would snag a free LDAP browser and see what IS in DomainTwo. Figure out if you need a different user, or account, or to make the link based on groups or something else.

-Rick

VB.Net Forum forum796 forum855 ASP.NET Forum
[monkey]I believe in killer coding ninja monkeys.[monkey]
 
Upvote 0 Downvote
In the second domain, the ussers from the first domain are lised as "ForeignSecurityPrincipals" ...

The "name" is S-1- ... you get the picture... But the "Readable Name" shows as "DOMAIN1\username"

Can I search by "readable name" instead of username and maybe find the user?

Drilling down on that entry does show the groups that I'm interested in.

Thanks!
Travis
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R_a_i_n_e_r_8
  • Locked
  • Question
Compile error: Types of intolerance (need help)
Replies
3
Views
413
strongm
strongm
2009luca
  • Locked
  • Question
GET date from classname
Replies
2
Views
161
2009luca
2009luca
tomminil4
  • Locked
  • Question
Help with VBA code
Replies
3
Views
214
strongm
strongm
sal21
  • Locked
  • Question
FORMAT output of Debug.Print .responseText (from api rest)
Replies
4
Views
177
2009luca
2009luca
2009luca
  • Locked
  • Question
GET splitted value from node and sub node in treeview
Replies
1
Views
165
Andrzejek
Andrzejek

Part and Inventory Search

Sponsor

Back
Top