Sync Multiple Domains in Duo using the Forest Root Domain

I’ve had many Duo customers ask whether it is possible to just use the root domain of an Active Directory forest to synchronise all users including those that are in child domains in the same forest. This is indeed possible and will save customers time when syncing users from AD with Duo. To do this, you can use the global catalogue port instead of the standard LDAP/S ports of 389/3269.

One important thing to note here is that child domains must be part of the same forest in order for this to work. Child domains that are NOT part of the same forest will need to be added to Duo separately if you wish to sync users from those domains.

Duo have provided more information here.
