What is the difference between a dc search specifying a Base DN to perform the search from and a GC:// search.
For example:
vastool -u host/ search -U GC://@DOMAIN.NET "(&(objectCategory=Person)(objectClass=user)(cn=John Smith))" samaccountname
vastool -u host/ search -b dc=domain,dc=NET "(&(objectCategory=Person)(objectClass=user)(cn=John Smith))" samaccountname
By default vastool will do a dc/389 search. In the case of giving it -U GC://, it will do a global catalog search, port 3268, which won't have all the attributes, just the ones your Active Directory is set to export to the GC.
The DC query will be more complete for most things.
GC tends to be good for finding things, for example you can query an entire forest for say a specific user. But getting ALL attributes, takes a second DC query.
On the other hand, if the attributes you want are in the GC it makes it easier if you don't know which domain the object might be in, find it and get the results in one query.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center