About Universal groups and global catalogs

Note the following when importing a Universal group that belongs to a global catalog:

• There must be a trust relationship configured between all domains in the AD forest.
• Primary groups are not supported.
• In order to retrieve the directories within a forest, the Active Directory role user must be able to read the CN=Partitions, CN=Configuration, DC=ROOTDOMAIN, DC=COM folder.
• If you are importing a Universal group that does not belong to a global catalog:
  • The Active Directory role contacts several ADs. The Active Directory role user must have the necessary permissions to access the different ADs within a forest.
  • The default port used to contact the AD is 389. If you are using a different port, you must append it to the AD server name defined in the Active Directory field on the Properties tab, for example: ADServer.Genetec.com:3393.
• If you are importing a Universal group that belongs to a global catalog:
  • The global catalog must be updated to include the attributes required for Security Center user and cardholder information. For the list of required attributes, see Global catalog attributes.
  • The default port used to contact the AD is 3268. If you are using a different port, you must append it to the AD server name defined in the Active Directory field on the Properties tab. The name and port number must be separated by a colon, for example: ADServer.Genetec.com:3295.

Benefits of using a global catalog