Showing results for 
Search instead for 
Do you mean 

Directory Synchronization - Global Catalog


Directory Synchronization - Global Catalog

Does anyone know if the TRIM DS tool can query against multi-domain active directories from a Global Catalog?


I know its simple to do different domains with different DS configurations, but I have a client that uses Global Catalog where only 1 config and LDAP server would be able to query all domains.  They have demonstrated that other tools query that way, but TRIMDS is unable query the base DN of the directory without being domain specific (thus not using the global catalog).


Anyone have success using a global catalog?


Re: Directory Synchronization - Global Catalog

I can confirm that TrimDS is happily syncing from a GC here (two distinct domains each with it's own TRIM user/security group).


My TrimDS LDAP connection string connects to the GC at the top level


search base dc=example,dc=com,dc=au


I then use two "entries" to query each domain separately:


Entry 1 search dn = dc=domain1,dc=example,dc=com,dc=au

(memberOf=CN=TRIMUsers,OU=Security Groups,OU=Groups,dc=domain1,dc=example,dc=com,dc=au)


Entry 2 search dn = dc=domain2,dc=example,dc=com,dc=au

(memberOf=CN=TRIMUsers,OU=Security Groups,OU=Groups,dc=domain2,dc=example,dc=com,dc=au)


It took a bit of fiddling on the AD side to get it to work, but it beats running separate synchronisations for each domain. I'm a TRIM user, not an AD tech, but I hope that's of some help!


Re: Directory Synchronization - Global Catalog

Are you able to provide any info on the fiddling that was done with AD? 


Your description was excellent, but we ran into an empty search window with the 2nd domain filter running against the 2nd domain search base. 


Our work around was to use different connection details for each entry and that allowed us 1 config with multiple servers.


Re: Directory Synchronization - Global Catalog

I'm afraid I can't provide any insight into how the GC was established - I'm well separated from that side of things sorry!


In case it's of any help, I've attached a quick working example TrimDS configuration from our UAT environment (with a few details changed to protect the guilty) :smileywink:


Also consider enabling verbose logging when running in report-only mode to track down any errors.



Honored Contributor

Re: Directory Synchronization - Global Catalog

If the second query string is returning an empty search window then I'd bet that the domain trust isn't transitive and bidirectional.

//Add this to "OnDomLoad" event