UnitySync Requirements for Sync/Join Mode selection of JOIN or BOTH for Active Directory (AD)2017-05-10 07:52:14
Active Directory Troubleshooting UnitySync
The following access requirements apply when Join or Both are selected as the Sync/Join Mode on the Destination tab of your connection:
- When Joining with objects on an AD domain, UnitySync will query the Global Catalog to search for a join match. Therefore, the connection’s Destination IP must be that of a Domain Controller that contains the Global Catalog. Always specify the standard LDAP port (389) when writing to AD. However, since the Join will query the Global Catalog, the UnitySync server must also have access to read from the Global Catalog’s LDAP port, 3268 (for SSL, the standard port is 636, the GC is 3269.)
- The attribute(s) specified in the Join Query on the Destination tab must be available in the Global Catalog AND must be indexed.
- A Join Query must exist for all Object Types selected on the Source tab; for example, if you have selected to sync both User and Contacts (on the Source tab in the Object Types section), you must then populate the User(s) Query and Contact(s) Query on the Destination tab. If a Join Query field is blank on the Destination but selected on the Source, you will receive an error when attempting to Sync.
If you need further assistance with this functionality, please contact firstname.lastname@example.org.