Joe,
Thanks for your time. I will discuss this within our team and post
further
questions if needed.
Take care and warm regards,
Pallav Thakkar
"Joe Kaplan" wrote:
> Yes, your understanding is correct. As long as your code is flexible
enough
> to provide plaintext credentials from a trusted domain and provide
either
> the name of a DC in the target domain or the name of the domain itself,
it
> should still work to do most tasks. Operations requiring Kerberos auth
will
> not work (cross domain move primarily) since you can only get NTLM auth
if
> your machine is not part of their domain.
>
> Joe K.
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services
Programming"
> http://www.directoryprogramming.net
> --
> "Pallav Thakkar" <PallavThakkar@[EMAIL PROTECTED]
> wrote in
message
> news:9FA16300-8A87-4133-847E-ABD29096DC6C@[EMAIL PROTECTED]
> > Joe,
> >
> > Sorry but I did not fully understand what you mean. Wanted to get a
> > clarfication if possible.
> >
> > Since the code is making the call from a workgroup (or non-trusted
domain)
> > it is serverless binding and will not work.
> >
> > I can code the application to take the domain and credentials of a
> > non-trusted domain, but would this work?
> >
> > I am in a ABCTest domain and it is not trusted by XYZMain domain.
From a
> > computer in the ABCTest domain, I run an EXE that specifics an account
in
> > the
> > XYZMain domain and credentials, will I be able to connect and
enumerate
> > users
> > in the XYZMain domain?
> >
> > Thanks,
> > Pallav
> >
> > "Joe Kaplan" wrote:
> >
> >> You can't use any features that depend on serverless binding or
default
> >> credentials and will not be able to do Kerberos authentication. If
you
> >> code
> >> your app so that you can specify a domain and credentials, then you
> >> should
> >> be able to do most of the things you are doing now.
> >>
> >> Joe K.
> >> --
> >> Joe Kaplan-MS MVP Directory Services Programming
> >> Co-author of "The .NET Developer's Guide to Directory Services
> >> Programming"
> >> http://www.directoryprogramming.net
> >> --
> >> "Pallav Thakkar" <Pallav Thakkar@[EMAIL PROTECTED]
> wrote in
> >> message
> >> news:7921E270-2D9A-4E1F-93CD-53F7DA39FEC3@[EMAIL PROTECTED]
> >> >I have an EXE that pulls information from Active Directory.
> >> >
> >> > If the EXE is running from a computer that is let us say my laptop,
and
> >> > I
> >> > take that laptop into a company as a consultant and the company
does
> >> > not
> >> > allow my laptop to be trusted on their DOMAIN or allow my laptop to
be
> >> > part
> >> > of their DOMAIN, will I still be able to run my script in their
> >> > environment
> >> > to pull data from Active Directory. If so, what do I need to do
with
> >> > my
> >> > script? I am actually using C-Sharp.
> >> >
> >> > I have modified my EXE to use Impersonation. The company would
provide
> >> > me
> >> > with a Domain\User and password. In this scenario, will I be able
to
> >> > make
> >> > the code work (not having much luck) such that with only a
Domain\User
> >> > and
> >> > Password I will be able to impersonate the user account to connect
and
> >> > work
> >> > with Active Directory. Main thing here is that my laptop is in a
> >> > WORKGROUP
> >> > and not trusted on the Domain that the user account is in.
> >> >
> >> > Thanks,
> >> > Pallav
> >> >
> >>
> >>
> >>
>
>
>
|
