Wednesday, March 19, 2008

AD Child Domain Referral Searches

If the ldp tool fails to find users or groups in other child or sibling domains because of referral issues, use the following method to override the search criteria.

First, create an account with Enterprise Admin rights over the full root domain. Once the rights have been granted, bind in the ldp tool as this Enterprise Admin user, set the connection option LDAP_OPT_REFERRALS to 1, and then retry your search.

Add a cross-reference for the trusted domain. You may use the following Microsoft support article as a reference:
http://support.microsoft.com/kb/241737

If you are coding, add this statement to make it work:
env.put( Context.REFERRAL, "follow" );

Here is the sample code:

import javax.naming.ldap.*;
import javax.naming.directory.*;
import javax.naming.*;
import javax.naming.directory.BasicAttributes;
import java.util.Properties;

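/**
 * Sample program: searches Active Directory for a group and prints its
 * {@code member} values, with JNDI configured to follow LDAP referrals so that
 * entries held in other domains of the forest can be reached.
 */
public class test {

    /**
     * Binds to the directory, searches the subtree under the base DN for the
     * group, prints each {@code member} value and reads that member's entry.
     *
     * @param args unused
     */
    public static void main(String[] args) {

        Properties env = new Properties();

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // NOTE(review): "simple" authentication over a plain ldap:// URL puts the
        // bind password on the wire unencrypted; outside a local test, use an
        // ldaps:// URL (or StartTLS) and validate the server certificate.
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // "follow" makes the provider chase referrals automatically. The referred
        // connection is built from this same environment, so the credentials
        // below are also presented to whichever server a referral names; only
        // enable this against directories whose referral targets are trusted.
        env.put(Context.REFERRAL, "follow");
        // Sample values from the article. Real code should load the bind identity
        // and password from configuration or a secret store, never from source.
        env.put(Context.SECURITY_PRINCIPAL, "Rajnish");
        env.put(Context.SECURITY_CREDENTIALS, "Bhatia01");

        LdapContext context = null;
        NamingEnumeration<SearchResult> answer = null;

        try {
            context = new InitialLdapContext(env, null);
            String base = "DC=nj,DC=bhatiacorp,DC=com";
            String filter = "(&(objectClass=group)(CN=rajadmin))";

            SearchControls controls = new SearchControls();
            // Only the membership attribute is needed from the group entry.
            controls.setReturningAttributes(new String[] {"member"});
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

            answer = context.search(base, filter, controls);
            int totalResults = 0;

            // hasMore() reports directory and referral failures as a
            // NamingException; Enumeration.hasMoreElements() has no way to
            // surface them, so a failed referral would look like "no results".
            while (answer.hasMore()) {
                SearchResult sr = answer.next();

                System.out.println(">>>" + sr.getName());

                Attributes attrs = sr.getAttributes();
                if (attrs == null) {
                    continue;
                }

                try {
                    for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();) {
                        Attribute attr = ae.next();
                        System.out.println("Attribute: " + attr.getID());
                        for (NamingEnumeration<?> e = attr.getAll(); e.hasMore(); totalResults++) {
                            String strMember = String.valueOf(e.next());
                            System.out.println(" " + totalResults + ". " + strMember);
                            // Read the member's own entry; for a member that lives
                            // in another domain this is the lookup that depends on
                            // referrals being followed. The result is not used here.
                            context.getAttributes(strMember);
                        }
                    }
                } catch (NamingException e) {
                    // A failure on one member stops the listing for this group
                    // entry only; the outer loop moves on to the next result.
                    System.err.println("Problem listing membership: " + e);
                }
            }
            System.out.println("TotalResults " + totalResults);
        } catch (NamingException e) {
            // The original message said "RootDSE", but this path covers the bind
            // and the group search, so the message now says what actually failed.
            System.out.println("Problem searching the directory: " + e);
        } finally {
            // Neither NamingEnumeration nor Context is AutoCloseable, so release
            // the server-side search and the connection explicitly.
            if (answer != null) {
                try {
                    answer.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done if closing the enumeration fails.
                }
            }
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done if closing the connection fails.
                }
            }
        }
    }
}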
