I have a school system that has 5 satellite locations.
I have ourschool.com
and so on.
I have AD authentication working with ourschool.com but it cannot see any of the child domains. I have used an LDAP browser and can browse to the other networks. In the user list all ourschool.com users are listed, but for the other domains $lcesnet shows up instead of the users.
I have in wildfire.xml
I had a similar situation. All I did to fix the problem was to use port 3268 instead of 389. Try that first and if it's still not working, post again and I'll look deeper into your config.
I was in the same situation and this worked great for me. Thanks for the suggestion.
The reason for this is because port 389 is for the local domain, port 3268 is for the Global Catalog, which contains a subset of the other domains information normally reachable on port 389 of the local domain controllers of that domain.
How you need to make this work:
Make sure the domain controller you are using in the config namely <host>unicoischools.com</host> is a GC. This should do you for authentication, as long as your <baseDN>dc=unicoischools;dc=com</baseDN> is your forest root.
To pull groups from LDAP from all your domains, make sure they are universal groups. If you are unable to use a universal security group (need to be in 2000 Native or higher), then create a universal distribution group. Only groups for your root domain and universal groups will be available to pull into Wildfire.
I hope this helps.
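The two settings the replies above change, shown side by side as an added example (this is not configuration from the original poster or from the Wildfire project). The <host> and <baseDN> values are the ones quoted in the thread; the other element names are assumed from the Wildfire LDAP guide, so check them against your version's documentation before use.

```xml
<!-- BEFORE: binds to a single domain controller on the standard LDAP port.
     Port 389 only answers for the DC's own domain, so users and groups
     from the child domains never appear in Wildfire. -->
<ldap>
  <host>unicoischools.com</host>
  <port>389</port>
  <baseDN>dc=unicoischools,dc=com</baseDN>
  <adminDN>cn=wildfire-svc,cn=Users,dc=unicoischools,dc=com</adminDN>   <!-- assumed service account -->
  <adminPassword>CHANGE-ME</adminPassword>                                <!-- placeholder -->
  <usernameField>sAMAccountName</usernameField>
  <searchFilter>(objectClass=user)</searchFilter>
  <groupNameField>cn</groupNameField>
  <groupMemberField>member</groupMemberField>
  <groupSearchFilter>(objectClass=group)</groupSearchFilter>
</ldap>

<!-- AFTER: binds to the Global Catalog port on a DC that holds the GC role.
     The GC carries a read-only partial replica of every domain in the forest,
     so a search rooted at the forest-root baseDN now returns the child domains
     too. Use 3269 instead of 3268 if you enable SSL for this connection. -->
<ldap>
  <host>unicoischools.com</host>              <!-- must be a Global Catalog server -->
  <port>3268</port>                           <!-- GC port instead of 389 -->
  <baseDN>dc=unicoischools,dc=com</baseDN>    <!-- forest root, not a child domain -->
  <adminDN>cn=wildfire-svc,cn=Users,dc=unicoischools,dc=com</adminDN>   <!-- assumed service account -->
  <adminPassword>CHANGE-ME</adminPassword>                                <!-- placeholder -->
  <usernameField>sAMAccountName</usernameField>   <!-- replicated to the GC by default -->
  <searchFilter>(objectClass=user)</searchFilter>
  <groupNameField>cn</groupNameField>
  <groupMemberField>member</groupMemberField>
  <!-- Only universal groups have their membership replicated to the GC,
       which is why the reply above says to use universal groups. -->
  <groupSearchFilter>(&amp;(objectClass=group)(groupType:1.2.840.113556.1.4.803:=8))</groupSearchFilter>
</ldap>
```

Two things to verify after the change: the host you point at must actually be a GC (a DC that is not one will refuse connections on 3268), and any attribute you reference in <usernameField> or a filter must be in the GC's partial attribute set, since the GC does not hold every attribute of objects from other domains. The groupType bitmask filter in the second block (bit 8 = universal) is an optional refinement so that only groups the GC can fully resolve are imported; drop it if you also want root-domain global groups listed.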