Can AD be searched from a non trusted source?

  • Can AD be searched from a non trusted source?

    We have 2 forests/domains (Domain A and Domain B) and we don't want to set up a direct trust to each other. Instead we're setting up a resource domain (Domain C) which each of the other domains will trust.

    We have an application in Domain A that users from Domain B will log on to but the application is apparently capable of going off and querying Domain C (resource domain where users from Domain B are nested into DL groups) to authenticate the users.

    Should this be possible? If there was no trust between Domain A and C, could an application in Domain A perform a lookup on Domain C using LDAP?

  • #2
    Re: Can AD be searched from a non trusted source?

    Best suggestion: try it.

    DomainA trusts DomainC - so by rights, it would have to be able to look up resources in that domain.
    I have a memory of an associate years back, showing me something like LDAPWalk, where he could connect to the university's AD server and enumerate the domain, from a non-trusted machine.
    Please do show your appreciation to those who assist you by leaving Rep Point
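
An added example, not part of the thread: a direct LDAP lookup against a Domain C domain controller from a host outside that domain is decided by the bind, that is, by whether Domain C accepts the credentials presented, and does not depend on a trust with the caller's domain. The server name, base DN, group name and both function names are hypothetical placeholders.

```powershell
# Added example. Host, base DN and group name are hypothetical placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping so a group name cannot alter the search filter.
    $sb = [System.Text.StringBuilder]::new()
    foreach ($ch in $Value.ToCharArray()) {
        if ($ch -in [char]'\', [char]'*', [char]'(', [char]')', [char]0) {
            [void]$sb.AppendFormat('\{0:x2}', [int]$ch)
        } else {
            [void]$sb.Append($ch)
        }
    }
    $sb.ToString()
}

function Get-GroupMembersFromUntrustedHost {
    param(
        [string]$Server,            # a Domain C domain controller
        [string]$BaseDn,
        [string]$GroupName,
        [pscredential]$Credential   # an account that lives in Domain C
    )
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, 636)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    try {
        $conn.SessionOptions.ProtocolVersion   = 3
        $conn.SessionOptions.SecureSocketLayer = $true   # LDAPS; the DC certificate must validate
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Credential = $Credential.GetNetworkCredential()
        $conn.Bind()   # throws LdapException if Domain C rejects the credentials

        $filter = '(&(objectCategory=group)(cn={0}))' -f (ConvertTo-LdapFilterValue $GroupName)
        $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
            $BaseDn, $filter,
            [System.DirectoryServices.Protocols.SearchScope]::Subtree,
            [string[]]@('member'))
        $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
        foreach ($entry in $resp.Entries) {
            $attr = $entry.Attributes['member']
            if ($attr) { $attr.GetValues([string]) }   # one DN per member
        }
    } finally {
        $conn.Dispose()
    }
}

# Get-GroupMembersFromUntrustedHost -Server 'dc1.domainc.example' -BaseDn 'DC=domainc,DC=example' `
#     -GroupName 'App-Users' -Credential (Get-Credential)
```

Members that come from another forest, such as the Domain B users nested into Domain C's DL groups, are returned as `CN=<SID>,CN=ForeignSecurityPrincipals,...` entries rather than as user DNs.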