Validating active directory user using a user between two sub domains

Question

I have the following scenario:

Domain company.com has two subdomains: a.company.com and b.company.com. The users are in both subdomains (mixed) but the technical user is only in a.company.com and has permissions on b.company.com as well as the domains are trusted.

When I try to generate a PrincipleContext as:

var oPrincipalContext = new PrincipalContext(ContextType.Domain, "b.company.com", null, ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing, "TechnicalUserName", "TechnicalUserPassword");

I get message that the user "TechnicalUserName" does not exists in "b.company.com". The message is okay but the user "TechnicalUserName" exist in "a.company.com" and has full privileges over "b.company.com"

The reason I have a technical user for creating PrincipleContext is because that context will be privileged to reset, change, and unlock other user active directory accounts.

What am I missing here?

score 1 · Answer 1 · answered Jan 29 '15 at 09:05

1

How about passing "TechnicalUserName@a.company.com" instead of just "TechnicalUserName"?

answered Jan 29 '15 at 09:05

baldpate

1,707
1
14
23

Fully qualified name doesn't help. I forgot to point that out. – DoomerDGR8 Jan 29 '15 at 11:49

score 1 · Answer 2 · edited May 23 '17 at 12:28

1

According to this post PrincipalContext does not support cross forest lookups and you'll need to use a DirectoryEntry/DirectorySearcher instead.

edited May 23 '17 at 12:28

Community

1
1

answered Jan 30 '15 at 05:44

codingChris

697
4
8

Validating active directory user using a user between two sub domains

2 Answers2