Skip to main content
Solved

Multiple domains: be sure to use 3268 !

  • November 6, 2015
  • 4 replies
  • 7 views
F
Forum|alt.badge.img+8

Hi Folks,

Just a simple heads-up. If you have multiple domains, make sure to use port 3268. Reason is this is the Global Catalog that contains ALL information of the forest in read-only.

You need to know which Domain Controller is your Global Catalog. Ask your AD administrator.

This should solve some issues like:
- queries taking very, very long (had 20+ seconds, now less than 1 second)
- don't get all group memberships (remember, you need universal groups)
- Wilcards not working properly -- Was seen by @Serge

My example:

See you.

Best answer by geoffreykobrien

or 3269 if you're using SSL.

    4 replies

    geoffreykobrien
    Forum|alt.badge.img+9
    • geoffreykobrien
    • Valued Contributor
    • Answer
    • November 6, 2015

    or 3269 if you're using SSL.

    Serge
    Forum|alt.badge.img+13
    • Serge
    • Contributor
    • November 6, 2015

    It actually works for me pointing to our load-balanced FQDN. e.g. domain.forest.com, but YMMV.

    B
    Forum|alt.badge.img
    • brian_coyne
    • New Contributor
    • April 16, 2020

    I know this is old, but what Search base are you using for the global catalog? I am connecting on 3269 and can query one domain, but not our two child domains and I think my search base may be wrong

    M
    Forum|alt.badge.img+7
    • mpebley
    • Contributor
    • April 16, 2020

    One thing to also note, on GlobalCatalog (3268/3269) queries, not all Attributes can be returned for objects. We use some attribute lookups that require ldap ports 368/636.

    Terms & ConditionsCookie settingsAccessibility statement