PHP – Authenticating AD via LDAP with a TRUST via PHP


I've got PHP code that works as expected to authenticate a user against an Active Directory domain using LDAP. The same domain now has a one-way trust enabled – users in the trusted domain don't appear to be visible.

Example group named "mygroup" with the members:


Queried with the filter:


Returns the following members:


Within the domain controller, however, all 3 users are visible as members of the group.

I assumed authentication for users against the trusted domain was failing as I had the wrong base DN or similar, so wanted to enumerate the group members to better understand how the foreign users would appear.

Has anyone experienced success executing LDAP searches and obtaining data from objects that exist within a trusted domain?

Best Solution

If communicating via LDAPS the directory may provide more information (not verified however), but under straight LDAP none of the foreign directory samaccountnames are accessible.

All information is visible via Kerberos-authenticated messaging, i.e. if you join a Unix server to the domain via Samba then the Samba tools have full visibility.
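
An added example, not part of the original question or answer: in Active Directory, group members from a trusted domain are normally stored in the trusting domain as foreignSecurityPrincipal objects named by SID, not as user objects with a sAMAccountName. That is general AD behaviour and is not stated on this page. The PHP below separates such entries from a group's `member` values and decodes a binary `objectSid`; the function names, DNs and SIDs are constructed for illustration.

```php
<?php
// Added example. All DNs and SIDs are constructed placeholders.

/** Convert a binary objectSid attribute value to its S-1-... string form. */
function sidToString(string $bin): string
{
    if (strlen($bin) < 8) {
        throw new InvalidArgumentException('SID too short');
    }
    $revision = ord($bin[0]);
    $subCount = ord($bin[1]);
    if (strlen($bin) !== 8 + 4 * $subCount) {
        throw new InvalidArgumentException('length does not match sub-authority count');
    }
    $authority = 0;                       // 48-bit big-endian identifier authority
    for ($i = 2; $i < 8; $i++) {
        $authority = ($authority << 8) | ord($bin[$i]);
    }
    // Sub-authorities are 32-bit little-endian integers.
    $subs = $subCount ? array_values(unpack('V*', substr($bin, 8))) : [];
    return "S-$revision-$authority" . ($subs ? '-' . implode('-', $subs) : '');
}

/** Split a group's member DNs into local DNs and SIDs of foreign principals. */
function splitMembers(array $memberDns): array
{
    $out = ['local' => [], 'foreign' => []];
    foreach ($memberDns as $dn) {
        if (preg_match('/^CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,/i', $dn, $m)) {
            $out['foreign'][] = $m[1];    // only the SID is known in this domain
        } else {
            $out['local'][] = $dn;
        }
    }
    return $out;
}

// Constructed member list: two local users and one foreign principal.
$members = [
    'CN=Alice Example,OU=Staff,DC=corp,DC=example',
    'CN=Bob Example,OU=Staff,DC=corp,DC=example',
    'CN=S-1-5-21-1111111111-2222222222-3333333333-1105,CN=ForeignSecurityPrincipals,DC=corp,DC=example',
];
print_r(splitMembers($members));

// Constructed binary SID equal to the foreign member's SID above.
$bin = pack('CC', 1, 5) . "\0\0\0\0\0\x05" . pack('V5', 21, 1111111111, 2222222222, 3333333333, 1105);
echo sidToString($bin), PHP_EOL;
```

Resolving such a SID to an account name requires querying the trusted domain itself, which is consistent with the answer's observation that the foreign sAMAccountNames are not available from the trusting domain's directory.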