Products | Versions |
---|---|
TIBCO Data Virtualization | All supported versions |
In Data Virtualization (DV), the Domain Configuration can connect to Active Directory or LDAP servers via the following ports:
389 - Default Non-SSL & unencrypted LDAP port (unless TLS is used)
636 - Standard SSL/TLS LDAPS port
3268 - Global Catalog port. Non-SSL & unencrypted unless TLS is used
3269 - Global Catalog port. SSL/TLS LDAPS port
It is recommended to use Global Catalog port 3269 to connect to AD/LDAP Server from DV for the below reasons:
1. Forest wide searches:
The global catalog enables queries that span the entire AD forest. This is useful when searching for users and groups whose location is not known.
2. Efficient:
As the global catalog holds the data from all domains, a single search operation is enough to retrieve the data, reducing network traffic and query time.
3. Reduced overhead:
On the standard ports, the search for objects is done only on a single domain. When the object is not found, a referral call is made to search the other domains. With the global catalog, the per-domain-controller search (via follow referral) is avoided, since it has the objects from all domain controllers in the forest.
Moreover, port 3269 is an LDAPS port, so the connection is secure and encrypted and data confidentiality is ensured.
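One way to check a domain configuration URL against the port guidance above, as an added example that is not TIBCO's code. The function names `audit_ldap_url` and `probe_ldaps`, the host `dc01.corp.example`, and the `starttls` flag (a stand-in for however a TLS upgrade is configured on ports 389/3268) are assumptions.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Port table taken from the article: port -> (search scope, implicit TLS?)
PORTS = {
    389:  ("single domain", False),
    636:  ("single domain", True),
    3268: ("forest (Global Catalog)", False),
    3269: ("forest (Global Catalog)", True),
}

def audit_ldap_url(url, starttls=False):
    """Return (scope, encrypted, findings) for an ldap:// or ldaps:// URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    ldaps = parts.scheme == "ldaps"
    port = parts.port or (636 if ldaps else 389)  # scheme default when no port given
    scope, implicit_tls = PORTS.get(port, ("unknown (non-standard port)", ldaps))
    findings = []
    if implicit_tls != ldaps:
        findings.append(f"scheme {parts.scheme}:// does not match port {port}")
    encrypted = ldaps or starttls
    if not encrypted:
        findings.append("no TLS configured: bind credentials and results would be sent unencrypted")
    if port in (389, 636):
        findings.append("searches stop at one domain; other domains need referrals")
    return scope, encrypted, findings

def probe_ldaps(host, port=3269, timeout=5.0):
    """TLS handshake with chain and hostname verification (needs network access)."""
    ctx = ssl.create_default_context()  # certificate verification is on by default
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("notAfter")

if __name__ == "__main__":
    # Constructed sample URLs; dc01.corp.example is a placeholder host.
    for url in ("ldap://dc01.corp.example:389",
                "ldaps://dc01.corp.example:636",
                "ldap://dc01.corp.example:3269",
                "ldaps://dc01.corp.example:3269"):
        print(url, audit_ldap_url(url))
```

`probe_ldaps` raises `ssl.SSLCertVerificationError` when the domain controller's certificate does not chain to a trusted CA or does not match the host name, which is worth confirming before pointing DV at port 3269.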
All supported environments.
This article illustrates the benefits of using the global catalog LDAP ports versus the standard LDAP ports.
Authentication in Data Virtualization:
https://docs.tibco.com/pub/tdv/8.8.1/doc/html/en-US/StudioHelp/Troubleshooting/Authentication.html
LDAP Session security settings and requirements:
https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/ldap-session-security-settings-requirements-adv190023