Using the WebService with multiple domains

Mar 17, 2011 at 12:53 AM

Maik,

Long time no post :)  Thanks again for all the excellent work on the Web Service and the Web Frontend.  They have been extrememly helpful in my attempts to automate our build process.  With that being said, I'm having a few issues, that are probably really limitations of the code.  I have one AD forest with multiple AD domains.  Everything works great within one domain, but when I try to do things across domains, I have no such luck.

For example:

Let's say I have the root forest aaaa.com, with domains of bbbb.com, cccc.com, and dddd.com.  Nothing is really in the root forest, but admin stuff.  bbbb.com is a resouce domain where accounts and computers that are used in multiple domains are stored.  cccc.com and dddd.com are where users reside.  The webservice is setup in cccc.com, so everything I do in cccc.com works great. 

Now I have an AD group in bbbb.com that I need to add computer accounts from cccc.com and dddd.com to.  When I use the AddComputerToGroup function, it returns a 200 OK and appears to work.  The MDT logs show the correct parameters are passed.  If I look in the WebService debug logs I get "No object found".  It shows the search root as LDAP://cccc.com .  It is not going to find it there, becuase it is not in cccc.com.  It is in bbbb.com.

Is there a way to have it search the entire forest, or specify the domain to search?  Do I need to move my WebService to AAAA.com to be able to search the entire forest? 

This also causes my MoveComputerToOU to fail for the other domains.  Any thoughts or guidance would be greatly appreciated.

Again excellent work!

Mar 17, 2011 at 7:25 PM

UPDATE:  Ok, so I figured out how to get it to find the group in bbbb.com.  I created a second webservice and configured the Application Settings to point to the ADDomain of bbbb.com.  Now it can find the group, but when it goes to add the computer account it can't find it because it is not in bbbb.com, but it is in cccc.com.  Is there a way to configure the webservice to look in the Global Catalog (GC)?

Apr 28, 2011 at 6:13 PM

BUMP!  Haven't heard anything.  I'd really hate to have to scrap all the work I've done and start from scratch.

Coordinator
May 2, 2011 at 7:12 PM

Currently it doesn't have support for multiple domains, or better to say cross-domain support. Simply searching through the whole forest wouldn't be sufficient as you might have the same name in different domains.

One option would be to optionally supply the domain per call. But in the case you mentioned this would require specifying two different domains. Another option could be to supply the full ldap path. I'm open for any suggestions ;-)

Regards

Maik

May 3, 2011 at 9:17 PM

Maik,

Actually, having the option to specify a domain would be perfect.  For example, for the DoesComputerExist function the only parameter is Computername.  The search is then done in the domain for which the WebService is configured for.  If a second parameter for domain could be specified, I believe that would resolve one of my issues.  Same thing for the AddComputerToGroup function.  Is this possible?

Jun 13, 2011 at 7:26 PM

Maik,

Any update?

Coordinator
Jun 14, 2011 at 8:01 AM

Working on it. Just published the first beta of the next update a few days ago (http://mdtcustomizations.codeplex.com/releases/view/26318). It doesn't contain the updated Active Directory part yet, but I should be able to add this for the next beta that is scheduled for end of this week.

Regards

Maik

Jun 14, 2011 at 12:18 PM

Excellent!  Let me know when it is posted and I'll be glad to test it out for you.  Thanks again for the hard work!

Coordinator
Jun 15, 2011 at 10:07 AM

Beta 2 has been published at http://mdtcustomizations.codeplex.com/releases/view/26318. It contains a new webservice file ADEx.asmx, that contains the same functions as AD.asmx but with the option to supply the domain name. Domain name can be either DC=MyDomain,DC=Com or MyDomain.com. As I don't have a testenvironment with several domains (Seems I need to extend my testenvironment), I wasn't able to do some good testing though. Would be great if you could give that a try and test as many combinations as possible.

Thanks

Maik

Jun 15, 2011 at 1:13 PM

Thanks!  I just downloaded it and will try to get started testing today.  I'll keep you posted.

Jul 18, 2011 at 1:40 PM

Maik,

Sorry it took me so long to get back to you, but I have finished my testing of the 7.3 beta 2 release and it works great!  I see beta 3 is out, so I will be updating the code this week and testing again.  Do you have an ETA when the code will go to production?  Thanks!

Coordinator
Jul 19, 2011 at 10:48 AM

No problem.

I expect it to be released within the next couple of weeks. There are still some minor issues that need to be fixed. Thanks for your help.

Regards

Maik

Jul 22, 2011 at 3:07 PM

Maik,

HELP!  I updated to Beta 3 and now the domain options that were in Beta 2 seem to have disappeared!

Coordinator
Jul 22, 2011 at 7:47 PM

You are right. I will upload the last beta over the weekend that will fix this.

Regards

Maik

Aug 4, 2011 at 3:04 PM

Maik,

How is the release coming, or beta 4?  I need to implement this into my production by the end of next week.  Just let me know.  If it won't be ready by then, I can roll with Beta 2 for now.  Thanks.

Eddie

Aug 15, 2011 at 1:30 PM

BUMP!

Coordinator
Aug 25, 2011 at 7:59 AM

Latest Beta has been uploaded that contains the fixed version for the Multi-Domain part. Should go final within the next 1-2 weeks. Sry for the delay.

Maik