Query Active Directory In Both The Configuration and Domain Contaners with a single query.

Hello,

I would like to query Active Directory in Both the Domain Container and the Configuration Container at the same time.   If I specify the Search Root as: DC=domain, DC=com the configuration is not included only the Domain Tree is included.  In order to query the configuration container I have to explicitly specify CN=Configuration, DC=domain, DC=com

Is there a "special" search root that can be used the will include both?

July 22nd, 2015 12:03pm

No the only special root in LDAP is the RootDSE which will return the Metadata about the directory in regards to which namespaces are available to query. You should think of a namespace as analogues to a database this is the ultimate root for any LDAP query you make.

Why do you need to do query them at the same time ? those namespaces contain different objects anyway if you really need to do it use multiple threads and combine the results.

Cheers
Glen

Free Windows Admin Tool Kit Click here and download it now
July 22nd, 2015 11:59pm

No the only special root in LDAP is the RootDSE which will return the Metadata about the directory in regards to which namespaces are available to query. You should think of a namespace as analogues to a database this is the ultimate root for any LDAP query you make.

Why do you need to do query them at the same time ? those namespaces contain different objects anyway if you really need to do it use multiple threads and combine the results.

Cheers
Glen

  • Proposed as answer by Prabhu Mallick Thursday, July 23, 2015 4:58 AM
July 23rd, 2015 3:57am

No the only special root in LDAP is the RootDSE which will return the Metadata about the directory in regards to which namespaces are available to query. You should think of a namespace as analogues to a database this is the ultimate root for any LDAP query you make.

Why do you need to do query them at the same time ? those namespaces contain different objects anyway if you really need to do it use multiple threads and combine the results.

Cheers
Glen

  • Proposed as answer by Prabhu Mallick Thursday, July 23, 2015 4:58 AM
Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2015 3:57am

Hello,

The purpose is to allow an email gateway to query our Active Directory for both existing proxy addresses and the values for internal and external relay domains.

The latter information is stored in the configuration container, the former in the domain container. The gateway looks up based on the envelope address in the directory. If the object exists ok if not then the mail is rejected.

It would be preferred to have the gateway simply follow the configuration in Exchange AD rather than having to configure it manually when changes are made in exchange.

Thanks

August 7th, 2015 9:52pm

I would suggest you create a service that queries Active Directory and caches the configuration for your Gateway to access. Eg this is how Exchange does it (via the DSaccess cache)  you don't want to be going back to the directory every time you need to make a routing decision that won't scale or give good performance.  It also allows you to build is better resilience into your gateway by eliminating the need for AD to always be available etc. 

Cheers
Glen

Free Windows Admin Tool Kit Click here and download it now
August 11th, 2015 7:31am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics