UnitySync Requirements for Sync/Join Mode selection of JOIN or BOTH for Active Directory (AD)
Created: 2012-04-20 08:09:59Modified: 2020-09-17 12:57:00
Tags: Active Directory Troubleshooting UnitySync
The following access requirements apply when Join or Both are enabled on the Destination Tab’s Sync/Join Mode.
When Joining with objects on an AD domain, UnitySync will query the Global Catalog to search for a join match. Therefore, in addition to the standard ldap port (389/636) the connection’s Destination IP must be that of a Domain Controller that contains the Global Catalog. Which then requires connectivity to 3268/2369 (as well as 389/636).
Although dest 3268 is required for Join/both, Always specify the standard LDAP port (389/636) on the destination Tab.
The attribute(s) used in the Dest Tab - Join Query must be available in the Global Catalog AND must be indexed.
On the destination tab, a Join Query must be entered for all Object Types selected on the Source tab.
For example, On the Source tab, if you have selected to sync both User and Contacts object types, then on the Destination tab, you must specify an appropriate Join Query under filters for Users and Contact.
(If a Join Query field is blank on the Destination but selected on the Source, you will receive an error when attempting to Sync)NOTE: There is a seldome used option allowing you to override the need for a global catalog. This would allow you to ignore the above and use an GC DC. Add the following to the Custom Tab Raw Config:
join-use-gc=no
If you decide to use this option, 3268/3269 are not required.
If you need further assistance with this functionality, please contact support@dirwiz.com.