Yes, your understanding is correct. As long as your code is flexible
enough
to provide plaintext credentials from a trusted domain and provide either
the name of a DC in the target domain or the name of the domain itself, it
should still work to do most tasks. Operations requiring Kerberos auth
will
not work (cross domain move primarily) since you can only get NTLM auth if
your machine is not part of their domain.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Pallav Thakkar" <PallavThakkar@[EMAIL PROTECTED]
> wrote in
message
news:9FA16300-8A87-4133-847E-ABD29096DC6C@[EMAIL PROTECTED]
> Joe,
>
> Sorry but I did not fully understand what you mean. Wanted to get a
> clarfication if possible.
>
> Since the code is making the call from a workgroup (or non-trusted
domain)
> it is serverless binding and will not work.
>
> I can code the application to take the domain and credentials of a
> non-trusted domain, but would this work?
>
> I am in a ABCTest domain and it is not trusted by XYZMain domain. From
a
> computer in the ABCTest domain, I run an EXE that specifics an account
in
> the
> XYZMain domain and credentials, will I be able to connect and enumerate
> users
> in the XYZMain domain?
>
> Thanks,
> Pallav
>
> "Joe Kaplan" wrote:
>
>> You can't use any features that depend on serverless binding or default
>> credentials and will not be able to do Kerberos authentication. If you
>> code
>> your app so that you can specify a domain and credentials, then you
>> should
>> be able to do most of the things you are doing now.
>>
>> Joe K.
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services
>> Programming"
>> http://www.directoryprogramming.net
>> --
>> "Pallav Thakkar" <Pallav Thakkar@[EMAIL PROTECTED]
> wrote in
>> message
>> news:7921E270-2D9A-4E1F-93CD-53F7DA39FEC3@[EMAIL PROTECTED]
>> >I have an EXE that pulls information from Active Directory.
>> >
>> > If the EXE is running from a computer that is let us say my laptop,
and
>> > I
>> > take that laptop into a company as a consultant and the company does
>> > not
>> > allow my laptop to be trusted on their DOMAIN or allow my laptop to
be
>> > part
>> > of their DOMAIN, will I still be able to run my script in their
>> > environment
>> > to pull data from Active Directory. If so, what do I need to do with
>> > my
>> > script? I am actually using C-Sharp.
>> >
>> > I have modified my EXE to use Impersonation. The company would
provide
>> > me
>> > with a Domain\User and password. In this scenario, will I be able to
>> > make
>> > the code work (not having much luck) such that with only a
Domain\User
>> > and
>> > Password I will be able to impersonate the user account to connect
and
>> > work
>> > with Active Directory. Main thing here is that my laptop is in a
>> > WORKGROUP
>> > and not trusted on the Domain that the user account is in.
>> >
>> > Thanks,
>> > Pallav
>> >
>>
>>
>>
|
