This section guides you through configuring and troubleshooting the Recipient Validation test in ORF.
ORF may not find all email addresses in your AD automatically if you have child domains. In this case, you have to configure ORF to work with a global catalog which contains both parent and child domain data.
To set an LDAP root manually, navigate to the page and click Configure Selected under Validation Source: Microsoft® Active Directory®. Select Use the LDAP root specified below in the Active Directory Source Settings dialog (Directory tab) and enter the global catalog path in the LDAP path box as GC://servername/DC=domain,DC=com, where servername is the name of your global catalog server. Note that GC:// must be written in uppercase.
If you have multiple domains in the same global catalog tree (instead of child domains), you should simply enter GC://servername (without any trailing slash).
ORF cannot detect the LDAP root path on a non-domain member host, so the root has to be configured manually.
Select Use the LDAP root specified below in the Active Directory Source Settings dialog (Directory tab) and enter the LDAP path. Note that LDAP:// must be written in uppercase. External hosts may not be authorized to query the Active Directory. If you experience any problems with the integration, select the Authentication tab and enter the proper user credentials. Note that the required user name format may depend on your AD settings: for example, it can be DOMAIN\user, domain@user or user.
If there is a firewall between the ORF host and the Active Directory server, you must allow the host where ORF runs to communicate with the Active Directory server via the LDAP port (TCP/389). If you use the GC:// prefix instead of LDAP://, the default port will be the GC port (TCP/3268). No other ports are required by the AD communication.
Check the LDAP path. Make sure that "LDAP://", "GC://" and "DC=" are written in upper case.
Check that you have a valid LDAP path configured.
Check the user name and password on the Authentication tab. Note that the required user name format depends on your AD settings: for example, it can be DOMAIN\user, domain@user or user. Also try the integration with blank user name and password fields and with authentication disabled.
After the LDAP path is set, you can test whether ORF is able to query the Active Directory for a valid recipient address by entering it on the Test tab and clicking the Lookup button.
Note that if the ORF Service is down, the test will be performed in the security context of the ORF Administration Tool. Due to this, you may get a different result with the ORF Service (which actually hosts the Recipient Validation test), because the computer running the ORF Service may be subject to different firewall rules. The ORF Service also runs under a different user account than the Administration Tool, which may cause issues with authentication.
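A pre-flight check that applies the path rules, the port requirements and the security-context caveat above from the ORF host itself, as an added example that is not part of ORF or its documentation. The script and its parameter names are hypothetical, the path is assumed to name a server, Windows PowerShell 5.1 is assumed, and the proxyAddresses filter is an assumption about how an address maps to a directory object, not the query ORF issues.

```powershell
# Added example (not ORF code). Run on the ORF host, ideally as the ORF Service account.
param(
    [Parameter(Mandatory)] [string] $LdapPath,   # e.g. GC://dc01.example.test/DC=example,DC=test (constructed)
    [Parameter(Mandatory)] [string] $Recipient,  # address to look up
    [System.Management.Automation.PSCredential] $Credential  # omit to use the current context
)

# 1. Path format rules from the page: upper-case prefix, no trailing slash, upper-case DC=.
$m = [regex]::Match($LdapPath, '^(LDAP|GC)://([^/:]+)(?:/(.+))?$')   # .NET regex is case-sensitive
if (-not $m.Success) {
    throw 'Expected LDAP://server[/DN] or GC://server[/DN]: upper-case prefix, no trailing slash.'
}
$scheme = $m.Groups[1].Value
$server = $m.Groups[2].Value
$dn     = $m.Groups[3].Value
if ($dn -cmatch '(?:^|,)\s*(?:dc|Dc|dC)=') {
    throw 'Write DC= in upper case in the LDAP path.'
}

# 2. Firewall check: GC:// uses TCP/3268, LDAP:// uses TCP/389.
$port = if ($scheme -ceq 'GC') { 3268 } else { 389 }
$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    if (-not $tcp.ConnectAsync($server, $port).Wait(5000)) { throw 'connection timed out' }
} catch {
    throw "Cannot reach ${server} on TCP/${port}: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}

# 3. Bind and search. Escape LDAP filter metacharacters (RFC 4515) in the address first.
$safe = [regex]::Replace($Recipient, '[\\*()\x00]', { param($c) '\{0:x2}' -f [int][char]$c.Value })
$filter = "(proxyAddresses=smtp:$safe)"   # assumed filter, not necessarily the one ORF issues
$entry = if ($Credential) {
    [System.DirectoryServices.DirectoryEntry]::new(
        $LdapPath, $Credential.UserName, $Credential.GetNetworkCredential().Password)
} else {
    [System.DirectoryServices.DirectoryEntry]::new($LdapPath)
}
$searcher = [System.DirectoryServices.DirectorySearcher]::new($entry, $filter)
try {
    $hit = $searcher.FindOne()
} catch {
    throw "Bind or search failed as $([Environment]::UserName): $($_.Exception.Message)"
}
if ($hit) { "FOUND: $($hit.Path)" } else { "NOT FOUND: $Recipient" }
```

Run it in a session started as the ORF Service account to see what the service, rather than the Administration Tool, is allowed to reach.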