Asset Management Import App LDAP Support for Cross Forest/Domains

At the moment, the LDAP queries performed from Cireson Asset Management Import App will only support the same domain of where SCSM/Cireson sits. This is causing problems to customers who have SCSM/Cireson on a separate domain from where their production domain is located. (I hope this makes sense).

Can this be improved so that LDAP queries from cross forest/domains are supported? I recently extended my Customer User Class to include certain fields from the Production AD environment; however, it will not populate because these environments are on separate domains.

It would naturally make sense if Cireson Asset Management App can support Cross Forest/Domain environments.

%domain% or %domainlong% does not work as an LDAP variable on Cireson Asset Management Import App. I’ve already been trying to use these variables and it will only return the domain name of where SCSM/Cireson sits. The name of the production environment never gets pulled through.

10 votes

Comments

  • Damien_Cresswell Customer IT Monkey ✭
    This should be a standard as not all companies would have SCSM sat on the same domain.
  • Tom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
    I have experienced the same as @Amarjit_Dhillon.  This renders the LDAP functionality close to useless for us, in what is otherwise a simple yet outstanding product.
  • Conner_Wood Customer Advanced IT Monkey ✭✭✭
    edited April 2017
    I believe UPN searching would solve this issue if they search the entire AD forest regarding multiple domains as UPN must be unique within the forest ( semi-related: Request - Allow for Portal authentication via user's UPN )

    As for Cross-Forest.... it'd have to search each forest separately from what I gathered....

    I think it'd be great to have LDAP search the entire forest as opposed to the current domain.


    http://stackoverflow.com/questions/25333823/search-entire-active-directory-forest-by-username

    Use the Forest class to get the current global catalog, where you then can get a reference to a DirectorySearcher that will search the entire forest.

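        // Requires: using System.DirectoryServices;
        //           using System.DirectoryServices.ActiveDirectory;
        var currentForest = Forest.GetCurrentForest();
        var gc = currentForest.FindGlobalCatalog();

        using (var userSearcher = gc.GetDirectorySearcher())
        {
            // username must be escaped per RFC 4515 before it is concatenated
            // into the filter; otherwise characters such as * ( ) \ change the query.
            userSearcher.Filter =
                "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + username + "))";
            // Run the query on the searcher created above.
            SearchResult result = userSearcher.FindOne();
        }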
  • Tom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
    @Conner_Wood, you are using the correct terminology, where I have been a bit casual with it.  In my case I do need to find users in a different forest, which happens to have a different domain name, also.  So your solution of being able to specify a forest and then searching the entire forest would take care of things perfectly.  I would not mind having multiple connectors for multiple forests, if it got the job done.

    For those who are not aware, the default behavior of the connector is to use Domain as one field in a compound key to identify which records to update.  You cannot specify the Domain, you can only capture it in the output, which will be the current domain of the management server, even if you are targeting a different domain or forest with your query.
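
The global catalog lookup quoted in the comments, extended to a named forest and keyed on UPN, as an added example that is not code from the thread or from Cireson. `ForestUserLookup`, `EscapeFilterValue`, `FindUserDn` and the forest name `prod.example.com` are hypothetical, and the example assumes the running account can read the target forest (for instance through a forest trust).

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;

static class ForestUserLookup   // hypothetical helper, not a Cireson API
{
    // RFC 4515 escaping for a value placed inside an LDAP filter, so a crafted
    // login name cannot add clauses or wildcards to the query.
    public static string EscapeFilterValue(string value)
    {
        return value.Replace(@"\", @"\5c")   // backslash first, or later escapes get re-escaped
                    .Replace("*", @"\2a")
                    .Replace("(", @"\28")
                    .Replace(")", @"\29")
                    .Replace("\0", @"\00");
    }

    // Queries the global catalog of the named forest, which covers every domain
    // in that forest. The UPN is used because it is unique forest-wide.
    public static string FindUserDn(string forestName, string upn)
    {
        var context = new DirectoryContext(DirectoryContextType.Forest, forestName);
        using (Forest forest = Forest.GetForest(context))
        using (GlobalCatalog gc = forest.FindGlobalCatalog())
        using (DirectorySearcher searcher = gc.GetDirectorySearcher())
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(userPrincipalName="
                              + EscapeFilterValue(upn) + "))";
            searcher.PropertiesToLoad.Add("distinguishedName");
            SearchResult result = searcher.FindOne();
            return result == null ? null : (string)result.Properties["distinguishedName"][0];
        }
    }

    static void Main()
    {
        // Constructed input containing filter metacharacters.
        Console.WriteLine(EscapeFilterValue("jdoe)(objectClass=*"));
        // prod.example.com is a placeholder forest name.
        Console.WriteLine(FindUserDn("prod.example.com", "jdoe@prod.example.com") ?? "not found");
    }
}
```

Each additional forest needs its own `DirectoryContext`, which matches the one-connector-per-forest arrangement suggested in the comments.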