Optional override for Join, to search Domain Controller (instead of requiring Global Catalog)

On any connection to Active Directory, the Destination tab specifies the port to write to on the specified Domain Controller (DC) IP address.

Note: The destination port should never be the Global Catalog (GC) port, 3268/3269 as these are read only ports.

If the connection Sync/Join Mode (on the Destination tab) is set to Create, then the destination DC may also be a GC, but this is not required. In this case, the Destination port should only ever be the writable ports 389 or 636 (SSL/TLS), considered the DC ports.

However, if the connection Sync/Join Mode is Join or Both (Create/Join), the Destination port should still be 389 or 636, but the Destination DC is (by default) required to also be a GC. With any Sync/Join Mode that seeks to join with existing Destination objects, UnitySync automatically queries on the Destination GC port.

If you must use a Sync/Join Mode of Join or Both to a Destination DC that isn’t also a GC, there is an optional override that will enable this behavior.

GC Override

1. On the Custom tab, click the Raw Config button.

2. Add this line:
   join-use-gc=no

3. Click Save.

4. Run a SIMULATION. Verify results before running a Sync.

With this override set, the Join functionality will use the DC port instead of the usually required GC port.