By default, the portal is only set to pull information from a single Active Directory domain - the domain of the identity account. The LDAP string in the web.config can be configured to point at a specific Active Directory domain server.
If the organization is attempting to use multiple domains, there is a way for the portal to communicate with all of these at once. There are two steps that need to be followed for this to happen:
1. A single primary domain must have trusts set up with the other Active Directory domains.
2. In the web.config of the portal, in the LDAP string, add :3268 to the end of the server name or IP address of the domain listed. For example: LDAP://ADServer:3268
Port 3268 is the port Active Directory uses to serve the Global Catalog. Pointing the portal at this port allows it to request information about a user across all trusted domains from the Active Directory server.
There is one minor issue with using the Global Catalog. If the same username exists in more than one of the domains that have the trust set up between them, an error is thrown when you try to visit that user's page in Manage Users. The only solution is to make sure the same username doesn't appear in multiple domains.
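One way to find such duplicate usernames before pointing the portal at port 3268, as an added example that is not part of the original article or the portal's own code. The function names and the sample users are constructed for illustration; the commented live query assumes the ActiveDirectory PowerShell module is installed and uses the article's ADServer placeholder.

```powershell
# Added example: report usernames (sAMAccountName) that exist in more than
# one domain, which is the condition that breaks the user's page.

function Get-DomainFromDN {
    param([string]$DistinguishedName)
    # Keep only the DC= components: CN=x,OU=y,DC=corp,DC=example -> corp.example
    # The split skips escaped commas such as "CN=Smith\, John".
    $dc = $DistinguishedName -split '(?<!\\),' | Where-Object { $_ -match '^\s*DC=' }
    ($dc | ForEach-Object { $_ -replace '^\s*DC=', '' }) -join '.'
}

function Find-DuplicateSamAccountName {
    param([Parameter(Mandatory)][object[]]$Users)
    $Users |
        Select-Object SamAccountName,
            @{ n = 'Domain'; e = { Get-DomainFromDN $_.DistinguishedName } } |
        # Account names are compared case-insensitively.
        Group-Object { $_.SamAccountName.ToLowerInvariant() } |
        # Two accounts in the same domain are not a cross-domain collision.
        Where-Object { @($_.Group.Domain | Sort-Object -Unique).Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                SamAccountName = $_.Name
                Domains        = ($_.Group.Domain | Sort-Object -Unique) -join ', '
            }
        }
}

# Constructed sample input standing in for Global Catalog results.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'jsmith'
        DistinguishedName = 'CN=Smith\, John,OU=Staff,DC=corp,DC=example' }
    [pscustomobject]@{ SamAccountName = 'JSmith'
        DistinguishedName = 'CN=Jane Smith,OU=Users,DC=emea,DC=corp,DC=example' }
    [pscustomobject]@{ SamAccountName = 'akhan'
        DistinguishedName = 'CN=A Khan,OU=Staff,DC=corp,DC=example' }
)

Find-DuplicateSamAccountName -Users $sample

# Live query against the Global Catalog (assumption: ActiveDirectory module;
# an empty SearchBase on the GC port searches all partitions):
# $users = Get-ADUser -Filter * -Server 'ADServer:3268' -SearchBase ''
# Find-DuplicateSamAccountName -Users $users
```

With the sample data, only jsmith is reported, listed under both corp.example and emea.corp.example.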
More information can be found at this Microsoft article.