Sync universal groups and users in a multi-domain Active Directory (AD).
Organizations can have multiple Active Directory domains for different geographical regions. To sync all of the users in all groups, Enterprise Application Access (EAA) has the global catalog server option. When this option is not selected, groups and users belonging to other domains within the same AD forest are not synced. For more information, see Add users and invite them to the cloud directory and Add users to an overlay group.
Organizations may deploy an Active Directory forest containing many domains. Each domain may represent a separate geographical region, or a team within a company, such as marketing, engineering, or customer support. A domain is controlled by the AD domain controller. It's added to Enterprise Application Access (EAA) for syncing groups and users within that domain. To sync groups and users belonging to other domains within the same forest, EAA has the global catalog option. When this option is not selected, groups and users belonging to other domains within the same AD forest are not synced from the server. Complete this procedure to sync universal groups and users belonging to other domains within the AD forest.
Log in to Enterprise Center.
In the Enterprise Center navigation menu, select Application Access > Identity & Users > Directories.
Select your directory to open it.
In Settings > Advanced Settings select Global catalog server.
Click Sync Directory.
You should see all users synced across multiple domains.
Enterprise Application Access uses ports 3269 on the global catalog server to sync groups and users. Make sure Enterprise Application Access can communicate with the Active Directory on these ports, and configure firewall rules to add these ports to the allow list.
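One way to verify the firewall rule described above before clicking Sync Directory. This is an added example, not Akamai's tooling: it probes port 3269 (the TLS-protected global catalog listener) and separates a dropped connection from a closed port and from a TLS failure. It assumes it is run from a host on the same network path EAA uses to reach the directory; `gc01.corp.example` and the `cafile` bundle are placeholders.

```python
import socket
import ssl
import sys

GC_TLS_PORT = 3269  # global catalog port named on this page


def probe_tcp(host, port=GC_TLS_PORT, timeout=3.0):
    """Classify TCP reachability so firewall drops and closed ports look different."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"   # server name does not resolve in DNS
    except ConnectionRefusedError:
        return "refused"      # host answered, nothing is listening on the port
    except socket.timeout:
        return "filtered"     # no answer at all, typical of a firewall drop rule
    except OSError:
        return "unreachable"  # routing problem (no route, network down)


def probe_tls(host, port=GC_TLS_PORT, timeout=3.0, cafile=None):
    """Complete a verified TLS handshake; return (protocol, certificate notAfter)."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: internal CA bundle
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()["notAfter"]


def check_global_catalog(host, port=GC_TLS_PORT, timeout=3.0, cafile=None):
    """Return a dict describing whether the sync port is usable from this host."""
    result = {"host": host, "port": port, "tcp": probe_tcp(host, port, timeout)}
    if result["tcp"] != "open":
        result["tls_ok"] = False
        return result
    try:
        result["tls"], result["cert_not_after"] = probe_tls(host, port, timeout, cafile)
        result["tls_ok"] = True
    except (ssl.SSLError, OSError) as exc:
        # Port is open but TLS failed: wrong service, untrusted CA, or name mismatch.
        result["tls_ok"] = False
        result["tls_error"] = str(exc)
    return result


if __name__ == "__main__":
    # gc01.corp.example is a constructed placeholder; pass your own server name.
    target = sys.argv[1] if len(sys.argv) > 1 else "gc01.corp.example"
    print(check_global_catalog(target))
```

A `filtered` result points at the firewall allow list, while `refused` means traffic reaches the server but the global catalog service is not listening there.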
Updated 10 months ago