Active Directory Global Catalog
When listing users in the Entitlements Manager, some users are listed twice.
Access Manager requires that a user datastore be defined for the local domain as well as for the Global Catalog. The user datastore for the local domain is where local users would be created. It should be noted that when using the Global Catalog, the Entitlements Manger should not be used to manage users. Instead, domain users should be managed externally using Microsoft tools. The user.basedn for the local datastore must be defined, else an error message is generated. This configuration setting should point to a dummy location where no users reside. Users on the local domain will still be visible through the Forest view, provided by the Global Catalog.
For example, create a container in the local domain called CTUSERS.
Point the user datastore for the local datastore to this empty container.
cleartrust.data.ldap.user.basedn cn=CTUSERS, cn=Users,dc=domain,dc=com
Related Articles
Licenses Number of Views Uninstall a License Number of Views Extend an Evaluation License Number of Views Check License Status Number of Views View Installed Licenses Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
