Multiple LDAP domains

You can set up LDAP for multiple network domains, whether they are within the same forest or are non-trusted domains.

The recommended method for handling multiple domains is to create a separate LDAP server record for each domain. Each LDAP server record must point to a domain controller for that domain, so the local network must allow connections to each of the domain controllers.

After expanding to more than one network domain, it is critical that you identify unique LDAP attributes for the application user names and import coalesce values. A common unique coalesce attribute for Active Directory is objectSid. Unique user names may vary based on the LDAP data design. Common attributes are email or userPrincipalName.
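
Added example (not part of the original documentation): a Python check over constructed records from two domains, showing why a short login name fails as a unique key while objectSid and userPrincipalName stay unique. The domain names, SID values, and the comparison against sAMAccountName are assumptions made for illustration.

```python
import struct
from collections import defaultdict

def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid value into its S-R-A-S1-S2... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed objectSid")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def build_sid(domain_ids, rid) -> bytes:
    """Pack S-1-5-21-<domain_ids>-<rid>; used only to build the sample data."""
    subs = (21, *domain_ids, rid)
    header = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)

def duplicates(records, attr):
    """Map each value of attr seen in more than one record to its domains."""
    seen = defaultdict(list)
    for rec in records:
        value = rec[attr]
        if isinstance(value, bytes):              # binary objectSid
            value = sid_to_string(value)
        seen[value.lower()].append(rec["domain"])
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample data: the same person-style login exists in two domains,
# and both accounts even share the relative ID 1105. Only the domain part of
# the SID differs, which is what keeps objectSid unique across domains.
CORP_IDS = (1111111111, 2222222222, 3333333333)
LAB_IDS = (4000000001, 4000000002, 4000000003)
RECORDS = [
    {"domain": "corp.example.com", "sAMAccountName": "jsmith",
     "userPrincipalName": "jsmith@corp.example.com",
     "objectSid": build_sid(CORP_IDS, 1105)},
    {"domain": "lab.example.net", "sAMAccountName": "JSmith",
     "userPrincipalName": "jsmith@lab.example.net",
     "objectSid": build_sid(LAB_IDS, 1105)},
]

if __name__ == "__main__":
    for attr in ("sAMAccountName", "userPrincipalName", "objectSid"):
        print(f"{attr}: {duplicates(RECORDS, attr) or 'unique across domains'}")
```

Running the same duplicate check against an export from each LDAP server record before enabling the import shows whether the chosen user name and coalesce attributes would merge two different accounts into one.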