Global Catalog / Cross Domain Manager Relationships

This article is exclusively for Active Directory. If you use Entra ID, please ensure the correct target system is selected from the drop-down menu on the top right side of your screen.

Even when a user and their manager are situated in different domains within the forest, Connect to AD can establish and maintain the user-manager relationship seamlessly.

Example

Steve Smith is in the sub-domain west.example.com and he reports to John Doe who is in the parent domain example.com.

Connect to AD must set John Doe as Steve Smiths manager.

To ensure the proper functioning of this feature, Active Directory must be configured correctly.

The following notes outline the necessary configurations:

The Global Catalog serves as a partial cache of all the domains in the forest and enables the search for specific users across domains. Connect to AD utilizes the Global Catalog to locate a user's manager in a different domain.

It is crucial to verify that the attributes used to link to the UKG employee record is included in the Global Catalog cache. If this attribute is not included in the Global Catalog, then Connect to AD will not be able to find the manager and not able tos et it either.

For instance, if you are using the employeeNumber attribute as the linking field, you must ensure that the employeeNumber attribute is replicated to the Global Catalog, as illustrated below.

In order to change this attribute you will need to use the Active Directory Schema Admin snap-in via MMC. If the snap-in is not available to be added you will first need to register the snap-in using Regsvr32 schmmgmt.dll.

How To Register the Active Directory Schema MMC Snap-in

After implementing the suggested change, it is highly recommended to restart Active Directory Domain Services to ensure the changes take effect. 

Now that the attribute that is used for linking to UKG has been replicated into the Global Catalog, we have the capability to configure Connect to AD to utilize the Global Catalog when searching for a user's manager.

Furthermore, we can set the specific Global Catalog which should be used when when searching for a user's manager.

Please note that when we set the Global Catalog host, we must prefix the host with GC and not LDAP.

 

The next time the sync process runs, Connect to AD will search the Global Catalog for a users manager if it can't be found in the current domain.

 

Congratulations! You are officially complete with the Connect to AD guide.

For more information, tips and tricks, and the community section please see our community platform.

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.