Multiple domains: be sure to use 3268 !

Hi Folks,

Just a simple heads-up. If you have multiple domains, make sure to use port 3268. Reason is this is the Global Catalog that contains ALL information of the forest in read-only.

You need to know which Domain Controller is your Global Catalog. Ask your AD administrator.

This should solve some issues like:
- queries taking very, very long (had 20+ seconds, now less than 1 second)
- don't get all group memberships (remember, you need universal groups)
- Wilcards not working properly -- Was seen by @Serge

My example:

See you.

Page 1 / 1

or 3269 if you're using SSL.

It actually works for me pointing to our load-balanced FQDN. e.g. domain.forest.com, but YMMV.

I know this is old, but what Search base are you using for the global catalog? I am connecting on 3269 and can query one domain, but not our two child domains and I think my search base may be wrong

One thing to also note, on GlobalCatalog (3268/3269) queries, not all Attributes can be returned for objects. We use some attribute lookups that require ldap ports 368/636.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded