Search in Global catalog the account attributes of related domains in the forest

Mikhail 1 Reputation point
2021-02-18T04:43:18.233+00:00

Hello. I have the related domains test1.local and test2.local, and there are accounts user@test1.local and user@test2.local. Domain test1.local has the Global Catalog role. I tried to search (port 3268) for the account user@test2.local in domain test1.local with the GC role and received that the user was not found. How can I search account attributes in different related domains if I run the search in the one domain with the GC role?


5 answers

  1. Anonymous
    2021-02-18T06:49:07.02+00:00

    Hello @Mikhail ,

    Thank you for posting here.

    To better understand our question, please confirm the following information:

    1. As I understand, test1.local and test2.local are in the same forest, is it right?
    2. You have the same account named user in test1.local and test2.local, is it right?
    3. How many DCs in domain test1.local? As I understand, DCs in domain test1.local are also DCs.
    4. How many DCs in domain test2.local? Is any DC in domain test2.local GC?
    5. Based on "I try search (port 3268) account user@test2.local in domain test1.local with role GC and received that user not found.", how do you search for the account user@test2.local in domain test1.local?
      Could you please provide the steps and screenshots?

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou


  2. Mikhail 1 Reputation point
    2021-02-20T05:59:13.313+00:00

    Thanks for your answer @Anonymous
    The names in the first post are examples.
    The real names differ.

    1. We have domain super.local with the GC role and the account test1@super.local in it, and
      domain second.local has the account test3@second.local. Domains super.local and second.local are in one forest and are related.
      Domains super.local and second.local each have one DC.
    2. I run an LDAP request in domain super.local with the GC role to search for the account test3@second.local and receive 0 results.
      Domain super.local doesn't have test3@second.local, but it must have information about the attributes of domain second.local.
      Why does a request in domain super.local with the GC return 0 results for test3@second.local?
      This is a screenshot of the request: 70261-all-request-test3.png

  3. Anonymous
    2021-02-22T09:04:36.69+00:00

    Hello @Mikhail ,

    Thank you for your update.

    I cannot see how you query the user via port 3268.

    Can you query via Windows built-in LDP.exe?

    For example:

    I have a root domain b.local with two child domains cc.b.local and bb.b.local.

    On cc.b.local DC, I can query user on bb.b.local.

    On DC in cc.b.local, open LDP.exe.

    70458-ldp1.png

    70498-ldp2.png

    70459-ldp3.png

    70593-ldp4.png

    Best Regards,
    Daisy Zhou


  4. Mikhail 1 Reputation point
    2021-03-04T08:15:42.13+00:00

    Thank you for the answer @Anonymous
    In that case you run the search in the needed domain.
    In other words, you run the search in the domain that owns the account being searched for.
    In my case I have test2@super.local
    74223-image.png

    and test3@second.local

    74231-image.png

    But when I run a search for test3 in CN=Users,DC=super,DC=local
    I get 0 results

    74107-image.png


  5. Anonymous
    2023-08-23T15:35:54.9133333+00:00

    I have a new Server 2019. I would like to move my domain controller from 2012R2 to it. The existing domain controller is my DNS server as. How can I achieve this without losing anything on the old DC?

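The searches discussed in this thread, written out as an added PowerShell example (not code from any poster): it queries a Global Catalog on port 3268 with three different search bases to show how the base DN decides which domain partitions are searched. The domain names are the ones given in the thread; the host name `dc1.super.local` and both function names are assumptions, and the ActiveDirectory (RSAT) module is required.

```powershell
# Added example, not from the thread. dc1.super.local is an assumed host name
# for the GC in super.local; replace it with a real Global Catalog server.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping of \ * ( ) and NUL, so a supplied account name is
    # always treated as a literal and cannot change the filter's structure.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Find-ForestUser {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$GcServer,   # a DC that holds the GC role
        [string]$SearchBase = ''                   # '' on the GC port = all partitions
    )
    $name   = ConvertTo-LdapFilterValue $SamAccountName
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"

    # Port 3268 selects the Global Catalog. For objects of other domains the GC
    # holds only the partial attribute set, so request attributes that are in it.
    Get-ADUser -LDAPFilter $filter -Server "${GcServer}:3268" `
               -SearchBase $SearchBase -SearchScope Subtree `
               -Properties userPrincipalName |
        Select-Object SamAccountName, UserPrincipalName, DistinguishedName
}

# 1. Base limited to one container of super.local: only objects under that DN
#    are candidates, so an account that lives in second.local is never returned.
Find-ForestUser -SamAccountName 'test3' -GcServer 'dc1.super.local' `
                -SearchBase 'CN=Users,DC=super,DC=local'

# 2. Empty base on the GC port: every domain partition in the forest is searched.
Find-ForestUser -SamAccountName 'test3' -GcServer 'dc1.super.local'

# 3. Base set to the other domain's naming context, answered by the same GC.
Find-ForestUser -SamAccountName 'test3' -GcServer 'dc1.super.local' `
                -SearchBase 'DC=second,DC=local'
```

An empty `-SearchBase` is only accepted when `-Server` points at a GC port; against the default LDAP port the cmdlet raises an error.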
