Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
How to Create crossRef Objects for a DNS Namespace Subordinate of an Existing Active Directory Forest
Article ID: 817872 - View products that this article applies to.
This article describes the functionality of the crossRef object in Active Directory. It also describes how to create crossRef objects for a Domain Name Service (DNS) namespace that is subordinate to an existing Active Directory forest.
Request for Comments (RFC) 2251 defines a referral mechanism that permits a Lightweight Directory Access Protocol (LDAP) server to send the distinguished name (DN) of another LDAP server in response to a search request from a client. When a domain controller (DC) is presented with a DN to start a search from, it first queries the list of crossRef objects in the configuration container to find the best match. For a crossRef object to qualify as a potential match for a DN, the nCName attribute of the crossRef object must be an exact substring of the DN. From this list of potential crossRef object matches, the object with the longest nCName attribute is selected as the best match.
The configuration container automatically holds references to all naming contexts (NCs) in the forest.
Forest BIn this example, domain controllers in forest A do not generate referrals for any domain in forest B because a domain controller assumes that it has full knowledge of the namespace below any NCs that it holds. CrossRef objects must be created if client referrals are required.
If the subordinate namespace uses the DC naming convention, set the nCName attribute to the DN of the NC, and set the dnsRoot attribute to the DNS name of the NC.
In this example, the following crossRef object is created in the configuration container of the Mydomain.com forest:
CN=ROOTB,CN=Partitions,CN=Configuration,DC=mydomain,DC=comThis object has the following attributes:
nCName: DC=rootb,DC=mydomain,DC=comIf the external NC does not use the DC naming convention, the dnsRoot attribute of the crossRef object must be set to the fully qualified domain name (FQDN) of a server that hosts the NC.
To Create a Cross-Reference to an External Domain
For more information about RFC 2251, visit the following Internet Engineering Task Force (IETF) Web site:
http://www.ietf.org/rfc/rfc2251.txt?number=2251For more information about the crossRef object and referrals in Active Directory, visit the following Microsoft Web site:
Article ID: 817872 - Last Review: February 27, 2007 - Revision: 4.4