Trusted domains in IDsObjectPicker

  active-directory, com, windows

Suppose I have two domains with trusted relationshaip between each other. I initialize IDsObjectPicker to select users and I want to see users from both of the domains, but it shows me users only from the domain the local computer is joined to.

I.e. under "Entire directory" in "Location" I see only current domain.

Which scope should I use to display users from all trusted domains?

I have tried to specify DSOP_SCOPE_TYPE_ENTERPRISE_DOMAIN, DSOP_SCOPE_TYPE_GLOBAL_CATALOG, DSOP_SCOPE_TYPE_EXTERNAL_UPLEVEL_DOMAIN, DSOP_SCOPE_TYPE_EXTERNAL_DOWNLEVEL_DOMAIN, but it didn’t help at all.

Using DsEnumerateDomainTrusts with DS_DOMAIN_DIRECT_INBOUND flag I can enumerate all trusted domains – it works, but IDsObjectPicker doesn’t show me them.

Logged on user is a member of the domain the local computer is joined to.

Source: Windows Questions

LEAVE A COMMENT