About Universal groups and global catalogs - Security Center 5.8

Security Center Administrator Guide 5.8

Series: Security Center 5.8
Last revised: 2020-08-17

Security Center supports synchronizing Universal groups that belong to a global catalog. Users from different domains in an AD forest can access Security Center using one Active Directory role connected to one domain controller (global catalog). There are some things you should know before synchronizing a Universal group that belongs to a global catalog.

Note the following when importing a Universal group that belongs to a global catalog:

  • There must be a trust relationship configured between all domains in the AD forest.
  • Primary groups are not supported.
  • To retrieve the directories within a forest, the Active Directory role user must be able to read the CN=Partitions, CN=Configuration, DC=ROOTDOMAIN, DC=COM folder.
  • If you are importing a Universal group that does not belong to a global catalog:
    • The Active Directory role contacts several ADs. The Active Directory role user must have the necessary permissions to access the different ADs within a forest.
    • The default port used to contact the AD is 389. If you are using a different port, you must append it to the AD server name defined in the Active Directory field on the Properties tab, for example: ADServer.Genetec.com:3393.
  • If you are importing a Universal group that belongs to a global catalog:
    • The global catalog must be updated to include the attributes required for Security Center user and cardholder information. For the list of required attributes, see Global catalog attributes.
    • The default port used to contact the AD is 3268. If you are using a different port, you must append it to the AD server name defined in the Active Directory field on the Properties tab. The name and port number must be separated by a colon, for example: ADServer.Genetec.com:3295.
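The following PowerShell preflight script is an added example, not part of the Security Center documentation or product. It checks two of the prerequisites above with the Active Directory role user's credentials: that the AD port is reachable, and that the account can read the Partitions folder and list the forest's domains. The parameter names, the use of the .NET DirectoryServices classes, and the choice to read the Partitions folder over standard LDAP in global catalog mode are assumptions; the server name and root DN are the guide's own sample values.

```powershell
# Added example: preflight checks for the Active Directory role user.
# Assumed, not from the guide: parameter names and the .NET classes used.
param(
    [string]$AdServer = 'ADServer.Genetec.com',   # may carry ':port', as on the Properties tab
    [string]$RootDn   = 'DC=ROOTDOMAIN,DC=COM',   # forest root DN (sample value from the guide)
    [switch]$GlobalCatalog,                       # set when the Universal group belongs to a GC
    [pscredential]$Credential = (Get-Credential -Message 'Active Directory role user')
)
Add-Type -AssemblyName System.DirectoryServices

# Split 'host:port'; without a port, use the default the guide gives for each mode.
$name, $port = $AdServer -split ':', 2
if (-not $port) { $port = if ($GlobalCatalog) { 3268 } else { 389 } }

# Check 1: the AD (or global catalog) port answers.
$tcp = Test-NetConnection -ComputerName $name -Port ([int]$port) -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { throw "Cannot reach ${name}:$port" }

# Check 2: the role user can read the Partitions folder.
# Assumption: in GC mode the folder is read over the server's standard LDAP port.
$ldapHost = if ($GlobalCatalog) { $name } else { "${name}:$port" }
$path     = "LDAP://$ldapHost/CN=Partitions,CN=Configuration,$RootDn"
$entry    = [System.DirectoryServices.DirectoryEntry]::new(
                $path, $Credential.UserName, $Credential.GetNetworkCredential().Password)
$searcher = [System.DirectoryServices.DirectorySearcher]::new($entry)
$searcher.SearchScope = 'OneLevel'
# crossRef objects with systemFlags bit 0x2 set describe the forest's domain partitions.
$searcher.Filter = '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))'
'ncname', 'dnsroot', 'netbiosname' | ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

try   { $domains = $searcher.FindAll() }
catch { throw "Role user cannot read ${path}: $($_.Exception.Message)" }

# One row per domain the role will have to reach (directly, or through the GC).
foreach ($d in $domains) {
    [pscustomobject]@{
        Domain  = [string]$d.Properties['dnsroot'][0]
        NetBIOS = [string]$d.Properties['netbiosname'][0]
        NC      = [string]$d.Properties['ncname'][0]
    }
}
```

An empty result or an access error from the second check points to missing read permission on the Partitions folder for the role user, rather than to a port or name problem.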

Benefits of using a global catalog

A global catalog stores a copy of all AD objects in a forest, which provides many benefits:
  • The need to query multiple domains for information is eliminated since everything is stored in the global catalog.
  • Less time to process information.
  • Less bandwidth used.
  • Less replication of information.
  • Requires only a single Active Directory role connection. All users can access Security Center using the global catalog.