Re: Multiple Domains


"EMan" <EMan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:25D821CC-6D3B-41B0-88E8-62C9A666C2D7@xxxxxxxxxxxxxxxx



When the LDAP is executed I get some users, but not all
of the users and I can't understand the reason why all users are not
returned. What can I do to read all of the users?

Chances are the same results will be returned if you execute this as
any other user (e.g., and Admin) would get the same results -- IF
not then you likely have a permission problem where you have not
delegated the necessary permissions to the account.

Yes this is true, I used an admin account and received 2 out of 218 users.

Then we can (provisionally) eliminate domain (where the query originates),
permissions, and the "user" as the source of the problem and you can focus
on the METHOD of the query as Ryan suggested.

Perhaps your query method has a "limit" or "threshold" but 2 sounds
unreasonably
small for such a limit.

Check you script locally, check it using another (admin) user, check
it remote with the admin until you can figure out what the specific
difference is if you have incorrect results.

I checked the script locally in D1 and I can read each OU and receive the
correct number of users.

Are you using the same query method/program when doing it locally?

When I use an admin account to read from D2, I get
the same results as the service account. It is not possible in this
application to get a two way trust. Should this work without a two way
trust?

Yes, because a two way trust is NOT required for what you have described.

You have users on ONLY one side, and resources (results of the query) ONLY
on the other side.

A trust is ONLY needed to grant users from the trusted side, access to
resources
from the trusting side:

Trusting-Resources --> Trusted Users

A good mnemonic is that the "Tings" (swedish chef accent) are on the
TrusTING side
at the Tail of the arrow, while the TED and ED are Users on the TrusTED side
at the
TrustHEAD side of the arrow.

Say it a few times and you will always know this with ZERO room for doubt.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)


.

Relevant Pages

  • Re: Multiple Domains
    ... delegated the necessary permissions to the account. ... I used an admin account and received 2 out of 218 users. ... Then we can eliminate domain (where the query originates), ... application to get a two way trust. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Trust to nt 4 domain from w2k3 forest
    ... > Hi i'm having a weird problem, i'm setting up a test network so i can try ... > out a trust between a nt 4 domain, ... > but when i try to assign permissions in domain b to users in domain a it ... > i can log in on any of the machines with an account from any domain. ...
    (microsoft.public.win2000.general)
  • Re: Trust to nt 4 domain from w2k3 forest
    ... > Hi i'm having a weird problem, i'm setting up a test network so i can try ... > out a trust between a nt 4 domain, ... > but when i try to assign permissions in domain b to users in domain a it ... > i can log in on any of the machines with an account from any domain. ...
    (microsoft.public.win2000.group_policy)
  • Re: Trust to nt 4 domain from w2k3 forest
    ... > Hi i'm having a weird problem, i'm setting up a test network so i can try ... > out a trust between a nt 4 domain, ... > but when i try to assign permissions in domain b to users in domain a it ... > i can log in on any of the machines with an account from any domain. ...
    (microsoft.public.win2000.dns)
  • Re: Trust to nt 4 domain from w2k3 forest
    ... > Hi i'm having a weird problem, i'm setting up a test network so i can try ... > out a trust between a nt 4 domain, ... > but when i try to assign permissions in domain b to users in domain a it ... > i can log in on any of the machines with an account from any domain. ...
    (microsoft.public.win2000.advanced_server)
Quantcast