2 Replies - 441 Views - Last Post: 19 April 2019 - 12:32 PM

#1 fearfulsc2

Active Directory Across Domains

Posted 18 April 2019 - 08:37 AM

Hi everyone, I was working on a project and I was trying to get a user's Active Directory information, so I was using the PrincipalContext library.

I used it like this:
PrincipalContext context = new PrincipalContext(ContextType.Domain, model.UserDomain);

UserPrincipal user = UserPrincipal.FindByIdentity(context, model.UserName);

When I was running it locally, I was able to run it just fine.

The issue happened when I deployed it to a dev server and tried to use it. If I used credentials from the Domain the application lived on, everything was good. If I used credentials from a different Domain, it would error out saying that the user name or password was incorrect even though I was telling it which domain to check.

Is there a certain way I need to do this or do I need to find an alternative?


Replies To: Active Directory Across Domains

#2 baavgai

Re: Active Directory Across Domains

Posted 19 April 2019 - 12:21 AM

In a Windows domain, you will always belong to one. Talking to another tends to be a challenge.

In this case,
public PrincipalContext (System.DirectoryServices.AccountManagement.ContextType contextType, string name);
is authenticating using the current user context. If you want to authenticate to a domain the user isn't in, you'll most likely have to also be explicit about the user doing the authenticating:
public PrincipalContext (System.DirectoryServices.AccountManagement.ContextType contextType, string name, string userName, string password);
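
The explicit-credential bind described in the reply above, as an added example that is not code from the thread: it looks up a user in another domain with a dedicated bind account instead of the process identity. The domain name, the account looked up and the environment variable names are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;

public static class CrossDomainLookup
{
    // Look up a user in a domain other than the one the process identity belongs to.
    public static string DescribeUser(string targetDomain, string samAccountName)
    {
        // Read-only bind account that the target domain accepts. The variable
        // names are assumed; a secret store is preferable to plain environment
        // variables, and nothing is hard-coded in source.
        string bindUser = Environment.GetEnvironmentVariable("AD_BIND_USER");
        string bindPassword = Environment.GetEnvironmentVariable("AD_BIND_PASSWORD");
        if (string.IsNullOrEmpty(bindUser) || string.IsNullOrEmpty(bindPassword))
            throw new InvalidOperationException("Bind credentials are not configured.");

        // Kerberos/NTLM bind with signed and encrypted LDAP traffic.
        ContextOptions options =
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing;
        try
        {
            using (var context = new PrincipalContext(
                ContextType.Domain, targetDomain, null, options, bindUser, bindPassword))
            using (UserPrincipal user = UserPrincipal.FindByIdentity(
                context, IdentityType.SamAccountName, samAccountName))
            {
                if (user == null)
                    return "not found: " + samAccountName + " in " + targetDomain;
                return user.DistinguishedName + " (enabled: " + user.Enabled + ")";
            }
        }
        catch (PrincipalServerDownException ex)
        {
            // No domain controller reachable: check DNS and firewall rules.
            return "cannot reach " + targetDomain + ": " + ex.Message;
        }
        catch (COMException ex)
        {
            // DirectoryServicesCOMException derives from COMException; a
            // rejected bind is reported here without echoing the password.
            return "bind or query failed against " + targetDomain + ": " + ex.Message;
        }
    }

    public static void Main()
    {
        // Constructed sample values.
        Console.WriteLine(DescribeUser("prod.example.com", "jdoe"));
    }
}
```

The bind account needs only read access to the directory, which keeps end-user passwords out of the application entirely.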

#3 fearfulsc2

Re: Active Directory Across Domains

Posted 19 April 2019 - 12:32 PM

I think I understand where you are coming from.

Everything is internal in our system but we have different domains.

Anything that is production can access the dev domain. So if I wanted to look into the dev AD and find a user, I am able to do so. If I am in the DEV domain and wanted to look at the production AD, I will not be able to do so since it looks like it's a one-way binding.


I checked this theory out by running it locally and passed in a different domain to the arguments to see if I could pull that AD information. I was able to.

When I was running it from the server and tried to pass in my own credentials, it was not able to find me because I am in the production AD and not in the DEV AD.

If that is the case, do I need to set up LDAP or something like that?