Sync Multiple Domains in Duo using the Forest Root Domain -

Sync Multiple Domains in Duo using the Forest Root Domain

Post author:iwiizkiid
Post published:08/09/2022
Post category:Cisco / Duo / Kelvin
Post comments:0 Comments
Post last modified:10/03/2023
Reading time:1 mins read

I’ve had many Duo customers ask whether it is possible to just use the root domain of an Active Directory forest to synchronise all users including those that are in child domains in the same forest. This is indeed possible and will save customers time when syncing users from AD with Duo. To do this, you can use the global catalogue port instead of the standard LDAP/S ports of 389/3269.

One important thing to note here is that child domains must be part of the same forest in order for this to work. Child domains that are NOT part of the same forest will need to be added to Duo separately if you wish to sync users from those domains.

Duo have provided more information here.

Tags: Active Directory Sync, Cisco Duo, Cisco Duo Setup, Duo, Duo Active Directory Sync, Duo multiple domains

iwiizkiid

Kelvin is a Cyber Security professional with years and experience working with organisations in different verticals, both large and small. He enjoys contributing to the Network Wizkid knowledge base and he also creates technical content. Kelvin enjoys learning new things and often does this by working on achieving new technical certifications. He holds many professional certifications and academically, he has achieved a Bachelors and Master's degree in both Computer Networks and Cyber Security.