Knowledgebase
AD JOIN Requirements
Category:Active Directory
Last Updated:2011-08-02
Download PDF version
The following access requirements apply when Join is enabled on the Destination tab of your connection:
- When Joining with objects on an AD/Ex2000/2003 domain, UnitySync will query the Global Catalog to find the match. Therefore, the connection's Destination IP must be that of a Domain Controller that contains the Global Catalog. Always specify the standard ldap port (389) when writing to AD. However, since the Join will query the Global Catalog, the SimpleSync server must also have access to read from the Global Catalog's ldap port, 3268
(For SSL, the standard port is 636, the GC is 3269.)
- The attribute specified as the Dest Index must be available in the Global Catalog AND must be indexed.
This microsoft article points to resources to help confirm/apply these required settings. http://www.microsoft.com/technet/scriptcenter/guide/sas_ads_nbth.mspx?mfr=true