My company supports an application that allows users to authenticate via LDAP. For years we have struggled whenever someone called in looking for help with user authentication issues because we only have access to the server that our product is on, not the AD server. We’re usually pretty certain the customer isn’t giving us the whole truth (the ever-typical “nothing changed on our side, it just stopped working!”). A while back we discovered we could use PowerShell to gather all of this information, and it has become a life-altering experience… But we still have one situation that we can’t seem to get around, and that’s when our customer puts the server with our product in the DMZ, and does not connect it to the domain. They configure the LDAP settings to connect to an AD server via FQDN. I know how to run
Start-Process powershell.exe -Credential "Domain\User"
if I’m signed into the server with a local account when the server is actually connected to the domain, but I’m curious if there might be a way to connect to AD to a remote server based on FQDN. My guess is that would be a major security breach, but figured I’d throw it out there anyhow in case somebody else may have an answer.
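What the product does in that DMZ setup is an ordinary LDAP bind with explicit credentials against the DC's FQDN, and PowerShell can do exactly the same thing from a non-domain-joined box without any domain trust, using the .NET System.DirectoryServices.Protocols classes that ship with Windows. The script below is an added example, not code from the original post or from the product: it binds to a DC over LDAPS with the bind account, reports the AD sub-code (52e, 533, 775, ...) if the bind fails, then looks up the user the customer says cannot log in and decodes the account flags that usually explain "it just stopped working". The DC name, port, search base, account names and user name are all assumptions to be replaced with the values from the product's LDAP settings.

```powershell
# Added example (not from the original post): reproduce the product's LDAP bind
# from a NON-domain-joined DMZ server and diagnose a failing user account.
# Every host name, DN and account below is an assumed placeholder.

Add-Type -AssemblyName System.DirectoryServices.Protocols

$DcFqdn     = 'dc01.corp.example.com'      # assumed: the FQDN in the product's LDAP settings
$Port       = 636                          # 636 = LDAPS (use 389 only to mirror a plaintext setup)
$SearchBase = 'DC=corp,DC=example,DC=com'  # assumed search base from the product's settings
$BindCred   = Get-Credential -UserName 'CORP\svc_ldap' -Message 'LDAP bind account used by the product'
$TargetUser = 'jdoe'                       # assumed sAMAccountName of the user who cannot log in

function Connect-LdapServer {
    param([string]$Server, [int]$Port, [pscredential]$Credential)

    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    # 'Basic' = simple bind, which is what most LDAP-enabled products actually send.
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $Credential.GetNetworkCredential(), 'Basic')
    $conn.SessionOptions.ProtocolVersion = 3
    if ($Port -eq 636) {
        $conn.SessionOptions.SecureSocketLayer = $true
        # Deliberately no certificate-validation override: an expired or renamed DC
        # certificate is one of the classic "nothing changed" root causes.
    }
    try {
        $conn.Bind()
        return $conn
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        # AD puts the real reason in the server message, e.g. "data 52e" (bad password),
        # 533 (disabled), 775 (locked out), 532 (password expired), 773 (must change password).
        Write-Warning ("Bind to {0}:{1} failed: {2} | server says: {3}" -f $Server, $Port,
            $_.Exception.Message, $_.Exception.ServerErrorMessage)
        return $null
    }
}

function Get-LdapUserStatus {
    param($Connection, [string]$SearchBase, [string]$SamAccountName)

    # Escape the LDAP filter metacharacters so a pasted user name cannot change the query.
    $safe   = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    $filter = "(&(objectClass=user)(sAMAccountName=$safe))"
    $attrs  = @('distinguishedName', 'userAccountControl', 'lockoutTime', 'pwdLastSet', 'accountExpires', 'memberOf')
    $req    = New-Object System.DirectoryServices.Protocols.SearchRequest($SearchBase, $filter, 'Subtree', $attrs)
    $resp   = $Connection.SendRequest($req)
    if ($resp.Entries.Count -eq 0) { return $null }   # wrong base DN or the account was renamed/deleted

    $e   = $resp.Entries[0]
    $uac = [int]$e.Attributes['userAccountControl'][0]

    # FILETIME attributes are 100 ns ticks since 1601; 0 / never-set means "not applicable".
    $lockout = if ($e.Attributes.Contains('lockoutTime')) { [int64]$e.Attributes['lockoutTime'][0] } else { 0 }
    $pwdSet  = [int64]$e.Attributes['pwdLastSet'][0]
    $expires = [int64]$e.Attributes['accountExpires'][0]

    [pscustomobject]@{
        DistinguishedName    = $e.DistinguishedName
        Disabled             = [bool]($uac -band 0x2)        # ACCOUNTDISABLE
        PasswordNeverExpires = [bool]($uac -band 0x10000)    # DONT_EXPIRE_PASSWORD
        MustChangePassword   = ($pwdSet -eq 0)
        LockedOut            = ($lockout -gt 0)
        PasswordLastSetUtc   = if ($pwdSet -gt 0) { [DateTime]::FromFileTimeUtc($pwdSet) } else { $null }
        AccountExpiresUtc    = if ($expires -gt 0 -and $expires -lt [int64]::MaxValue) { [DateTime]::FromFileTimeUtc($expires) } else { 'never' }
        GroupCount           = $e.Attributes['memberOf'].Count
    }
}

$ldap = Connect-LdapServer -Server $DcFqdn -Port $Port -Credential $BindCred
if ($ldap) {
    Get-LdapUserStatus -Connection $ldap -SearchBase $SearchBase -SamAccountName $TargetUser | Format-List
    $ldap.Dispose()
}
```

Run this on the DMZ server itself, as the same local account the product runs under, so that firewall rules, DNS resolution of the FQDN and the TLS trust store are tested exactly as the product sees them; if the bind succeeds here but the product still fails, the problem is in the product's configuration, not on the customer's AD side. If the RSAT ActiveDirectory module happens to be installed on that server, `Get-ADUser -Identity jdoe -Server dc01.corp.example.com -Credential $BindCred -Properties LockedOut,Enabled,PasswordExpired` gives a similar answer without domain membership, but it uses Active Directory Web Services on TCP 9389 rather than the LDAP port the product is configured for, so it does not prove the LDAP path works.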