How to query LDAP using the Global Catalog (GC)

Active Directory can be used as an LDAP directory.

The common method is to use the default LDAP or LDAPS (secure LDAP) on ports 389 or 636. These standard LDAP ports always exist on a Domain Controller (DC), but you can browse only objects in the domain hosted on the selected DC. There is no way to access objects from other domains using this method.

For browsing all objects within the forest, you can use the Global Catalog. This LDAP directory can be accessed on port 3268, with LDAPS on port 3269. For this, the DC must have the GC role enabled. Remember that not all attributes are replicated to the GC partition, only a subset (common attributes such as first name, last name, email, phone number, description, and address are included).
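A practical consequence of the partial attribute set is a two-step lookup: find the object forest-wide through the GC, then read any attribute the GC does not hold from a DC of the object's own domain. The sketch below is an added example, not code from the original post, and goes one step beyond the text by deriving the home domain from the returned DN. The host name, the sample DN, the `GC_ATTRS` set and the use of the domain's DNS name as the follow-up host are assumptions.

```python
import re

# Ports stated on the page: domain LDAP/LDAPS and Global Catalog LDAP/LDAPS.
PORTS = {("domain", False): 389, ("domain", True): 636,
         ("gc", False): 3268, ("gc", True): 3269}

# Assumed sample of GC-replicated attributes (LDAP names for the page's
# examples); the real set is defined by the forest schema.
GC_ATTRS = {"givenname", "sn", "mail", "telephonenumber",
            "description", "streetaddress"}


def endpoint(host, scope, tls=True):
    """Build the LDAP URL for a 'domain' or 'gc' query."""
    scheme = "ldaps" if tls else "ldap"
    return f"{scheme}://{host}:{PORTS[(scope, tls)]}"


def domain_of(dn):
    """Derive the DNS domain name from a DN's DC= components.

    Splits only on commas not preceded by a backslash, so an RDN such as
    'CN=Doe\\, Jane' stays in one piece.
    """
    rdns = re.split(r"(?<!\\),", dn)
    labels = [r.split("=", 1)[1].strip() for r in rdns
              if r.strip().upper().startswith("DC=")]
    if not labels:
        raise ValueError(f"no DC components in DN: {dn!r}")
    return ".".join(labels).lower()


def plan(gc_host, dn, wanted, tls=True):
    """Split a request into a GC query plus an optional home-domain query."""
    wanted = list(wanted)
    from_gc = [a for a in wanted if a.lower() in GC_ATTRS]
    missing = [a for a in wanted if a.lower() not in GC_ATTRS]
    steps = [(endpoint(gc_host, "gc", tls), from_gc)]
    if missing:
        # Attributes outside the GC subset must be read from a DC of the
        # domain that holds the object, on the standard LDAP/LDAPS port.
        # Assumption: the domain's DNS name stands in for one of its DCs.
        steps.append((endpoint(domain_of(dn), "domain", tls), missing))
    return steps
```

Each tuple returned by `plan` is an endpoint and the attributes to request there; an attribute requested from the GC that is not in its subset simply comes back absent, which is why the split is done up front.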

