Forum Discussion

domokos_23867
Jul 02, 2018

LDAP query against resource domain - trust between Windows domains

Hello,


I have a (maybe) unusual situation. The users are defined in one domain - users.com. They belong to several groups. I can go and do an LDAP query against the AD server (server A) where they are defined and it works fine. Now, there is a one-way trust between this domain and a second domain - resources.com (I made up the names :-)). In this second domain we have some groups and the users from the first domain belong to them. What I need to do is to query the resources.com domain server (server B) to see in which groups they are and apply the ACL specific to that group. But here I get stuck:


  • if I query server B using DN resources.com and the search filter CN=username, it will tell me that this user does not exist under this DN. Which is normal.
  • if I query server B using DN users.com and the same search filter, it will send me a referral and the F5 stops there. Now even if it could follow the referral it would probably still not be OK, as server A, responsible for the users.com domain, would not know anything about the groups in the resources.com domain.

I am told that this is a usual setup in Windows domains: users defined centrally in one domain and multiple resource domains that have a one-way trust to the user domain. So I wonder if anybody has encountered this and found the right way to run the queries. All this is done in an APM policy.


Regards,
Carol
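Added example, not part of the post above and not a reply from the thread. It shows the standard Active Directory mechanism behind this setup: a user from a trusted domain is represented inside the resource domain by a foreignSecurityPrincipal object whose CN is the user's SID, placed under CN=ForeignSecurityPrincipals,<resource base>, and the resource-domain groups list that object in their member attribute. So the lookup is two queries: server A (base users.com) for the user's objectSid, then server B (base resources.com, never users.com, which is what produced the referral) for the groups. The code contacts no directory; it only decodes the SID and builds the search bases and filters. The domain names come from the post; the assumption that they are plain users.com / resources.com directories with default containers, and the sample SID, are constructed for the example.

```python
"""Resolve resource-domain groups for a user from a trusted account domain.

Added example: builds the two LDAP queries (server A, then server B) and
handles the SID encoding in between. Nothing here talks to a directory.
"""
import struct

# Domain names from the post; default container layout is assumed.
ACCOUNT_BASE = "DC=users,DC=com"
RESOURCE_BASE = "DC=resources,DC=com"
FSP_CONTAINER = "CN=ForeignSecurityPrincipals," + RESOURCE_BASE


def sid_bytes_to_string(sid: bytes) -> str:
    """Decode the binary objectSid attribute into S-1-5-21-... form.

    Layout: revision (1 byte), sub-authority count (1 byte), identifier
    authority (6 bytes, big-endian), then count x 32-bit little-endian
    sub-authorities.
    """
    if len(sid) < 8:
        raise ValueError("SID too short")
    revision, count = sid[0], sid[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if len(sid) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(sid[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, sid, 8)
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def sid_string_to_bytes(sid_string: str) -> bytes:
    """Inverse of sid_bytes_to_string, for clients that need the binary form."""
    parts = sid_string.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % sid_string)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("too many sub-authorities")
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def ldap_filter_escape(value: str) -> str:
    """RFC 4515 escaping, so a username taken from a login form cannot
    change the shape of the filter (LDAP injection)."""
    out = []
    for ch in value:
        if ch in "\\*()\0" or ord(ch) > 0x7E:
            out.append("".join("\\%02x" % b for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def binary_filter_value(raw: bytes) -> str:
    """Escape raw bytes for use as an assertion value in a filter."""
    return "".join("\\%02x" % b for b in raw)


def account_domain_filter(sam_account_name: str) -> str:
    """Query 1, against server A with base ACCOUNT_BASE: locate the user
    and request the objectSid attribute."""
    return "(&(objectClass=user)(sAMAccountName=%s))" % ldap_filter_escape(sam_account_name)


def fsp_dn(sid_string: str) -> str:
    """DN of the object standing in for the trusted-domain user in resources.com."""
    return "CN=%s,%s" % (sid_string, FSP_CONTAINER)


def resource_groups_filter(sid_string: str) -> str:
    """Query 2, option (a), against server B with base RESOURCE_BASE:
    every resource-domain group whose member list names the FSP."""
    return "(&(objectClass=group)(member=%s))" % ldap_filter_escape(fsp_dn(sid_string))


def fsp_lookup_filter(sid_string: str) -> str:
    """Query 2, option (b), against server B with base FSP_CONTAINER:
    fetch the FSP itself and read its memberOf attribute."""
    raw = sid_string_to_bytes(sid_string)
    return "(&(objectClass=foreignSecurityPrincipal)(objectSid=%s))" % binary_filter_value(raw)


if __name__ == "__main__":
    # Constructed SID; in real use it is the bytes returned by query 1.
    sid = sid_bytes_to_string(sid_string_to_bytes("S-1-5-21-1004336348-1177238915-682003330-1104"))
    print("server A:", ACCOUNT_BASE, account_domain_filter("carol"))
    print("server B:", RESOURCE_BASE, resource_groups_filter(sid))
    print("server B:", FSP_CONTAINER, fsp_lookup_filter(sid))
```

Two caveats a practitioner should check before wiring this into a policy: the foreignSecurityPrincipal object only exists in resources.com once the user has actually been referenced there (for example, added to a resource-domain group), and memberOf on that object lists direct memberships only, so nested groups need a further expansion. Mapping the two queries onto two LDAP query steps in the APM policy, with the SID from the first carried into the second, is assumed here rather than taken from the post.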

