joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

So you think you know AD?

by @ 3:44 am on 1/12/2007. Filed under tech

I was working on a new utility for a little while this evening because I have been thinking about it and my mind needed to get some of it down into C++ code… Anyway, I started thinking of different what-if situations and came up with a question I was curious to see how people would respond to. I have my answer… but what do other people think?

You have a Windows Server 2003 Domain Controller that is a global catalog and you need to query it for all OUs in the entire forest…. The problem is that the reverse proxy only allows you to redirect port 389 to your client and no other domain controller is available to you… How do you query all OU objects in the forest that obviously exist on that GC?

I will let people post comments for a day or so as I am curious as to what people will say… Is it possible? Is it not possible?

   joe


2 Responses to “So you think you know AD?”

  1. M@ says:

    I don't think it's possible to direct an LDAP search to port 389 of a GC and search the entire forest.

    To search the entire forest a null base must be used. However, as per http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbc_nar_bsad.mspx?mfr=true it's not possible to use a null base on port 389 and a subtree scope as the LDAP search req fails.

    Using a null base and the 3268 port it is possible to search a GC for all the OUs. But not if the port is changed to 389. At least that's what I think.

    But if the reverse proxy listens to requests on 389 and forwards to the 3268 of the GC it may work. I say may as I haven't tested 😉

  2. Sorry just catching up on blog reading…maybe you already posted the answer but I haven’t gotten that far in my feeds yet. 🙂
    3 words: phantom root control

    If my memory serves me correctly, I think I told you about this a while back? I’d have to break out desktop search to know for sure. It was a while ago and I barely remember what I had for breakfast.
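
The control named in the second response is Active Directory's search-options control (LDAP_SERVER_SEARCH_OPTIONS_OID) with the phantom-root flag set. The sketch below is an added example, not code from the post or from joeware: it BER-encodes that control as it would travel in an LDAP search request and decodes it again, which is also how you would recognize it in traffic captured at the proxy. The OID and flag values are Microsoft's documented ones; the function names are this example's own.

```python
# Added example: the AD "search options" LDAP control on the wire.
SEARCH_OPTIONS_OID = "1.2.840.113556.1.4.1340"   # LDAP_SERVER_SEARCH_OPTIONS_OID
FLAGS = {1: "DOMAIN_SCOPE", 2: "PHANTOM_ROOT"}   # SERVER_SEARCH_FLAG_* bits

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one BER element (short-form length covers this control)."""
    if len(body) > 127:
        raise ValueError("body too long for short-form length")
    return bytes([tag, len(body)]) + body

def read_tlv(buf: bytes, pos: int):
    """Decode one BER element at pos; return (tag, body, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length > 127 or end > len(buf):
        raise ValueError("long-form or truncated element")
    return tag, buf[pos + 2:end], end

def encode_control(flags: int, critical: bool = True) -> bytes:
    """Control ::= SEQUENCE { controlType, criticality, controlValue }."""
    if not 0 <= flags <= 127:
        raise ValueError("flags must fit a one-byte INTEGER")
    value = tlv(0x30, tlv(0x02, bytes([flags])))   # SEQUENCE { INTEGER flags }
    body = tlv(0x04, SEARCH_OPTIONS_OID.encode("ascii"))
    if critical:                                   # BOOLEAN DEFAULT FALSE
        body += tlv(0x01, b"\xff")
    return tlv(0x30, body + tlv(0x04, value))

def decode_control(raw: bytes):
    """Return (oid, critical, [flag names]) for an encoded control."""
    tag, body, _ = read_tlv(raw, 0)
    if tag != 0x30:
        raise ValueError("control is not a SEQUENCE")
    _, oid, pos = read_tlv(body, 0)
    tag, val, pos = read_tlv(body, pos)
    critical = False
    if tag == 0x01:                                # optional criticality
        critical = val != b"\x00"
        tag, val, pos = read_tlv(body, pos)
    _, seq, _ = read_tlv(val, 0)                   # controlValue holds a SEQUENCE
    _, num, _ = read_tlv(seq, 0)
    flags = int.from_bytes(num, "big")
    return oid.decode("ascii"), critical, [n for b, n in FLAGS.items() if flags & b]

if __name__ == "__main__":
    wire = encode_control(2)                       # phantom root, critical
    print(wire.hex(), decode_control(wire))
```
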
