Article ID: 241737
This article was previously published under Q241737
Request for Comments (RFC) 2251 defines a referral that makes it possible for a Lightweight Directory Access Protocol (LDAP) server to send the distinguished name (also known as DN) of another LDAP server in response to a client's search request. When a domain controller is presented with a distinguished name on which to base a search, it first looks through the list of CrossRef objects in the configuration container to find the cross-reference with the most name parts in common with the base of the search. Note that the configuration container automatically holds references to all other naming contexts in the forest.
If a CrossRef object is found that matches the search base and the cross-reference corresponds to a naming context (NC) held locally on the domain controller, the search is performed locally. If the matching CrossRef object refers to an NC held elsewhere, the domain controller generates a referral to the server that is pointed to by the CrossRef object. If no CrossRef object is found that matches the search base, the domain controller checks whether there is a superiorDNSRoot attribute on the CrossRef object for the forest root domain, and if there is, the domain controller generates a referral to that location. If there is not, it tries to use the domain controller naming convention to generate a DNS name to refer the client to.
Active Directory automatically generates LDAP referrals. However, in the case where a server hosts an NC that does not use the domain controller naming convention, a CrossRef object must be created to override the default behavior. In this case, the nCName attribute should be set to the external NC and the dNSRoot attribute should be set to the FQDN of a server that hosts that NC.
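The decision sequence above, and the effect of adding a CrossRef for an external NC, can be followed in this simplified Python model; it is an added example, not Microsoft code. The function names, the `ldap://host/DN` result format, the "no-referral" outcome and all sample DNs and host names are assumptions made for illustration.

```python
# Simplified model of the referral decision described in this article.
# Naive DN parsing (no escaped commas); every name below is constructed.

def rdns(dn):
    """Split a DN into lowercase RDNs, leaf first."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def best_crossref(base_dn, crossrefs):
    """CrossRef whose nCName shares the most trailing name parts with base_dn."""
    base = rdns(base_dn)
    best, best_len = None, 0
    for cr in crossrefs:
        nc = rdns(cr["nCName"])
        if len(nc) > best_len and base[-len(nc):] == nc:
            best, best_len = cr, len(nc)
    return best

def dns_from_dn(dn):
    """DC naming convention: DC=corp,DC=example,DC=com -> corp.example.com."""
    return ".".join(p[3:] for p in rdns(dn) if p.startswith("dc="))

def resolve(base_dn, crossrefs, local_ncs, forest_root_nc):
    """Return ("local", nCName), ("referral", url) or ("no-referral", None)."""
    cr = best_crossref(base_dn, crossrefs)
    if cr is not None:
        if cr["nCName"] in local_ncs:
            return ("local", cr["nCName"])            # NC held on this DC
        return ("referral", f"ldap://{cr['dNSRoot']}/{base_dn}")
    # No CrossRef matched: try superiorDNSRoot on the forest root CrossRef,
    # then fall back to a DNS name derived from the DC= components.
    root = next((c for c in crossrefs if c["nCName"] == forest_root_nc), {})
    host = root.get("superiorDNSRoot") or dns_from_dn(base_dn)
    if not host:
        return ("no-referral", None)  # model's choice when no name can be built
    return ("referral", f"ldap://{host}/{base_dn}")

# Constructed sample forest: this DC holds only the root domain NC.
ROOT = "DC=example,DC=com"
CROSSREFS = [
    {"nCName": ROOT, "dNSRoot": "example.com"},
    {"nCName": "DC=corp,DC=example,DC=com", "dNSRoot": "corp.example.com"},
]
LOCAL = {ROOT}
# Override CrossRef for an NC that does not follow the DC naming convention.
EXTERNAL = {"nCName": "O=Partner,C=US", "dNSRoot": "ldap1.partner.example"}
```

Resolving `OU=Staff,O=Partner,C=US` against `CROSSREFS` alone yields no usable host in this model, while `CROSSREFS + [EXTERNAL]` sends the client to the server named in dNSRoot. When auditing a forest, the dNSRoot and superiorDNSRoot values are worth reviewing because they decide which host clients are referred to.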