Authenticate via Active Directory domain in DMZ with Trusted Domain connection to another domain in another Forest

Hello community!

Nextcloud version: 12.0.3
Operating system and version: Ubuntu 16.04
Apache version: 2.4.18
PHP version: 7.0.22
Is this the first time you’ve seen this error?: yes

Can you reliably replicate it? (If so, please outline steps): yes

Trying to configure AD-integration with users from another domain in another forest.

The issue you are facing:

Users in a specific AD group who reside in another domain in another forest are not recognized by Nextcloud. Only users located in the specified domain are recognized by Nextcloud. There is a Domain Trust configured between the two domains.

Trying to get the LDAP query within PowerShell seems to work. It’s also possible to connect via RDP to a server inside the DMZ with this kind of authentication.

Is there any possibility to get such users recognized by Nextcloud? Do we have to adjust the LDAP query in any way so that this will work?

Hi, I was wondering if you ever found a solution to this?

We are trying to achieve a similar constellation.
Groups should be created and managed in one domain but users can be selected from different domains.
Sadly, the group membership for users from other domains is not synced to NC.

Changing the port to the Global Catalog port did not change the situation either.

Let us know if you had any luck setting this up! :)

Best,
Christian

This appears to be an abandoned thread, but I am also looking for a resolution to this. I have two AD domains that I admin, and I have a one-way trust between them. I would like for Nextcloud to honor this trust and be able to pull users from the other domain and show them in the proper group. Has anyone else been able to do this?
Currently it sounds like I will have to have redundant groups in both domains and set up both domains in Nextcloud. Then I will have to maintain the group in both domains and then use the group folders add-on to allow those specific groups access to a folder for collaboration.
Any suggestions are welcome.