Hi,
My LDAP-based service involves searching for user information across trusted AD forests. The search operations are based on GUIDs, SIDs, and names. As I have mentioned already, the search has to span across the forests.
E.g., I have two forests, forest1.com and forest2.com. My application talks to the Global Catalog server of forest1.com and needs to look up information for users in both forest1.com and forest2.com.
With LDAP referral handling enabled in my application, I found that lookups using names work. But I could not find a way to successfully look up users using their SIDs or GUIDs.
e.g.
1. My LDAP application is connected to the Global Catalog server of forest1.com.
2. I have a user in forest2.com with GUID e0361393-bf09-4b39-9d-3d-8b72d78a1621 and SID S-1-5-21-3788342835-698758318-3857666980-500.
3. An LDAP search using the search filter (objectGUID=e0361393-bf09-4b39-9d-3d-8b72d78a1621), with the search scope being the entire forest, doesn't yield any results. The same search works if I connect directly to the forest2.com Global Catalog server.
Please let me know if there is a way to achieve my requirement.
Thanks,
Lokesh
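
For reference, an added example (not part of the original post) that builds the binary-escaped RFC 4515 filter form for objectGUID and objectSid, which Active Directory stores as octet strings, using the GUID and SID quoted in the post. The function names are illustrative, and the example covers filter encoding only, not referral handling between forests.

```python
import struct
import uuid


def _escape(raw: bytes) -> str:
    """RFC 4515 escaping: each byte becomes a backslash and two hex digits."""
    return "".join(f"\\{b:02x}" for b in raw)


def guid_filter(guid_text: str) -> str:
    # objectGUID is a 16-byte value whose first three fields are stored
    # little-endian; uuid.UUID.bytes_le yields exactly that byte order.
    return f"(objectGUID={_escape(uuid.UUID(guid_text).bytes_le)})"


def sid_to_bytes(sid_text: str) -> bytes:
    """Convert S-R-A-S1-S2-... into the binary SID layout."""
    parts = sid_text.strip().upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid_text!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision > 255 or authority >= 1 << 48 or len(subs) > 15:
        raise ValueError(f"SID field out of range: {sid_text!r}")
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authority out of range: {sid_text!r}")
    # 1 byte revision, 1 byte sub-authority count, 6 bytes big-endian
    # identifier authority, then each sub-authority as 4 bytes little-endian.
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def sid_filter(sid_text: str) -> str:
    return f"(objectSid={_escape(sid_to_bytes(sid_text))})"


# Values quoted in the post above.
POST_GUID = "e0361393-bf09-4b39-9d-3d-8b72d78a1621"
POST_SID = "S-1-5-21-3788342835-698758318-3857666980-500"

if __name__ == "__main__":
    print(guid_filter(POST_GUID))
    print(sid_filter(POST_SID))
```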