Fresh install of 4.0.6 from source on CentOS 6 minimal. Provisioning
worked fine as did adding a Win7 Pro machine to the domain. Now trying
to use the RSAT (Remote System Administration Tools), specifically the
Active Directory Users and Computers tool.

When looking at the properties for the “Administrator” account, clicking
on the “Member Of” tab results in a 30 second wait, then the error
message of “global catalog (GC) cannot be contacted”.



The global catalog uses port 3268/tcp, which wasn’t listed in your
iptables command list.