Help

Multiple domains: be sure to use 3268 !

Go to solution
ftiff
Contributor

Posted on ‎11-06-2015 07:59 AM

Hi Folks,

Just a simple heads-up. If you have multiple domains, make sure to use port 3268. Reason is this is the Global Catalog that contains ALL information of the forest in read-only.

You need to know which Domain Controller is your Global Catalog. Ask your AD administrator.

This should solve some issues like:
- queries taking very, very long (had 20+ seconds, now less than 1 second)
- don't get all group memberships (remember, you need universal groups)
- Wilcards not working properly -- Was seen by @Serge

My example:

437cdc7b79f7499cafebdbac66d16709

See you.

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
geoffreykobrien
Contributor

Posted on ‎11-06-2015 08:16 AM

or 3269 if you're using SSL.

View solution in original post

0 Kudos
Reply
4 REPLIES 4

Go to solution
geoffreykobrien
Contributor

Posted on ‎11-06-2015 08:16 AM

or 3269 if you're using SSL.

0 Kudos
Reply

Go to solution
Serge
New Contributor III

Posted on ‎11-06-2015 08:38 AM

It actually works for me pointing to our load-balanced FQDN. e.g. domain.forest.com, but YMMV.

0 Kudos
Reply

Go to solution
brian_coyne
New Contributor

Posted on ‎04-16-2020 07:44 AM

I know this is old, but what Search base are you using for the global catalog? I am connecting on 3269 and can query one domain, but not our two child domains and I think my search base may be wrong

0 Kudos
Reply

Go to solution
mpebley
New Contributor III

Posted on ‎04-16-2020 07:57 AM

One thing to also note, on GlobalCatalog (3268/3269) queries, not all Attributes can be returned for objects. We use some attribute lookups that require ldap ports 368/636.

0 Kudos
Reply