How to query Active Directory B if application server is in Active Directory A

So here's my question. I have an Asp.net application with form-based authentication. I have users in my database, but the users also have to be in the Active Directory.

The following code is for me to check if the user is in domain A:

            using System.DirectoryServices;

            // Bind to domain A (the server's own domain) and look the account up by sAMAccountName
            DirectoryEntry de = new DirectoryEntry();
            de.Path = "LDAP://domainA.com";
            de.AuthenticationType = AuthenticationTypes.None;
            DirectorySearcher search = new DirectorySearcher(de);
            // account comes from the login form and is concatenated into the filter unescaped
            search.Filter = "(SAMAccountName=" + account + ")";
            search.PropertiesToLoad.Add("displayName");

            SearchResult result = search.FindOne(); // null when no matching account exists

This code works fine. The problem is that the client is requesting that domain B should also be able to connect to the application. So I created the following code:

            using System.DirectoryServices;

            // Same lookup, but pointed at domain B, which the server is not a member of
            DirectoryEntry de = new DirectoryEntry();
            de.Path = "LDAP://domainB.com";
            de.AuthenticationType = AuthenticationTypes.None;
            DirectorySearcher search = new DirectorySearcher(de);
            // account comes from the login form and is concatenated into the filter unescaped
            search.Filter = "(SAMAccountName=" + account + ")";
            search.PropertiesToLoad.Add("displayName");

            SearchResult result = search.FindOne(); // null when no matching account exists

Since my server is in domainA, this does not work. Is there a way for me to query domainB knowing that the server is in domainA? I found an article saying a trust needs to be set up between domainA and B, but these domains shouldn't be linked. It's only for this application that they need this functionality.

P.S. I might have forgotten to explain an important detail. domainA and B are not on the same network, but domainA can ping domainB.

TheProvost asked Oct 29 '22 10:10


2 Answers

While trying samples against a foreign domain, I noticed that the foreign DC is giving the error message "The server is unavailable" when using the wrong authentication type. Please try:

de.User = @"DOMAINB\user";
de.Password = "YourPassword";
de.AuthenticationType = AuthenticationTypes.None;

Of course this results in an unsecured BASIC simple bind, which removes any encryption ADSI might offer. If this works, you should try a more secure authentication type that the server accepts.

An alternative might be using the "System.DirectoryServices.Protocols" namespace, which offers a more lightweight approach for AD access. I can provide you with a sample if you want to go in this direction.

Matthias Loerke answered Nov 15 '22 05:11


You will need to provide credentials that have permission to query AD on domain B.

var de = new DirectoryEntry("LDAP://domainB.com", "Username", "Password");
var search = new DirectorySearcher(de);
Martin Lee answered Nov 15 '22 06:11
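Putting the two answers together as an added example (not code from either answer or from the asker): bind to domainB with explicit domainB credentials, as both answers advise, but with the Secure, Sealing and Signing flags the first answer recommends moving to once the simple bind is shown to work; whether that bind succeeds depends on what domainB's controller accepts. The LDAP path, service account and password are placeholders, and the account name is escaped before it goes into the filter.

```csharp
using System.DirectoryServices;
using System.Text;

static class ForeignDomainLookup
{
    // Escape the characters RFC 4515 reserves inside filter values, so a
    // user-supplied account name cannot change the shape of the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Look up displayName for an account in another domain using explicit
    // credentials for that domain. Returns null when the account is not found.
    public static string FindDisplayName(string account, string ldapPath,
                                         string user, string password)
    {
        // Secure = Negotiate (Kerberos/NTLM) bind instead of a plaintext simple bind;
        // Sealing + Signing keep the LDAP traffic encrypted and tamper-evident on the wire.
        var authType = AuthenticationTypes.Secure
                     | AuthenticationTypes.Sealing
                     | AuthenticationTypes.Signing;
        using (var de = new DirectoryEntry(ldapPath, user, password, authType))
        using (var search = new DirectorySearcher(de))
        {
            search.Filter = "(&(objectClass=user)(sAMAccountName="
                          + EscapeFilterValue(account) + "))";
            search.PropertiesToLoad.Add("displayName");
            SearchResult result = search.FindOne();
            if (result == null || result.Properties["displayName"].Count == 0)
                return null;
            return (string)result.Properties["displayName"][0];
        }
    }
}
```

Call it as `ForeignDomainLookup.FindDisplayName(account, "LDAP://domainB.com", @"DOMAINB\svc_app", password)` with a read-only service account that domainB's administrators issue for this application, keeping the password in protected configuration rather than in source.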