How to do LDAP cross-forest search based on GUIDs and SIDs?

Hi,

My LDAP based service involves searching for user information across trusted AD forests. The search operations are based on GUIDs, SIDs, and Names. As I have mentioned already the search has to span across the forests.

e.g. I have two forests forest1.com and forest2.com. My application talks to Global Catalog server of forest1.com and need to look up for information of users in both forest1.com and forest2.com.

With LDAP referral handling enabled in my application, I found that lookups using names work. But I could not find a way to successfully look up users using their SIDs or GUIDs.

e.g.

1. My LDAP application is connected to Global Catalog server of forest1.com

2. Have a user in forest2.com with GUID e0361393-bf09-4b39-9d-3d-8b72d78a1621 and SID S-1-5-21-3788342835-698758318-3857666980-500

3. An LDAP search using the search filter (objectGUID=e0361393-bf09-4b39-9d-3d-8b72d78a1621) with the search scope being the entire forest doesn't yield any results. The same search works if I directly connect to the forest2.com Global Catalog server.

Please let me know if there is a way to achieve my requirement.

Thanks,

Lokesh

September 8th, 2015 5:13pm

Hi Friends,

So far, no response to my question. Still hopeful of getting some response as AD itself uses SIDs for access control and supports cross-forest access. So, there should be a some way to get information of users/groups from other forests using SIDs.

Thanks, Lokesh

September 9th, 2015 11:24pm

See the following post: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/266c1862-8aad-4f18-8072-4fd859027ae1 for information about LDAP Referrals.

September 13th, 2015 10:59pm
