Directory Programming .NET

Active Directory and ADAM programming support for .NET developers

Welcome to Directory Programming .NET Sign in | Join | Help

Directory Programming .NET » General Discussions » Active Directory/ADAM LDAP Dis... » Reading memberOf attribute for an FSP in a different forest?

Reading memberOf attribute for an FSP in a different forest?

Last post 01-31-2010, 11:21 AM by dave. 1 replies.


	Sort Posts: Previous Next

01-31-2010, 10:57 AM 7759

dave
Joined on 02-03-2009
Posts 5

Reading memberOf attribute for an FSP in a different forest?

When I access the FSP from a process running as an account in a different forest it looks like some kind of attribute filtering is happening. The attribute set returned is a small subset of the total number of attributes. I can repro from ADSIEdit as well. The critical thing for my code would be to read the memberOf attribute, but the issue seems generic.

I have tried the delegation of control wizard and opening the ACL but it doesn't seem to have any affet.

Any ideas what might be causing this behavior?

Report abuse

01-31-2010, 11:21 AM 7760 in reply to 7759

dave
Joined on 02-03-2009
Posts 5

Re: Reading memberOf attribute for an FSP in a different forest?

Figured it out. The permissions are more locked down then normal for FSP objects. Giving access to the Foreign Security Principal container through the advanced security tab in ADUC (Read All Properties, Apply to all child objects) seemed to do the trick.

Report abuse