If a CrossRef object is found that matches the search base and the cross-reference corresponds to a naming context (NC) held locally on the domain controller, the search is performed locally. If the matching CrossRef object refers to an NC held elsewhere, the domain controller generates a referral to the server that is pointed to by the CrossRef object. If no CrossRef object is found that matches the search base, the domain controller checks whether there is a superiorDNSRoot attribute on the CrossRef object for the forest root domain, and if there is, the domain controller generates a referral to that location. If there is not, it tries to use the domain controller naming convention to generate a DNS name to refer the client to.
Active Directory automatically generates LDAP referrals. However, in the case where a server hosts an NC that does not use the domain controller naming convention, a CrossRef object must be created to override the default behavior. In this case, the nCName attribute should be set to the external NC and the dNSRoot attribute should be set to the FQDN of a server that hosts that NC.
- Using the ADSIEdit snap-in in Microsoft Management Console (MMC), connect to the configuration naming context and locate the partitions container.
- Create a new CrossRef object.
- For the cn attribute, type a meaningful name (for example, the domain name).
- For the ncName attribute, type the distinguished name for the external domain.
- For the dnsRoot attribute, type a real Domain Name System (DNS) name for the server that hosts the naming context.
- DnsRoot=server1.mydomain.msft (this name needs to be resolved by using DNS)
Article ID: 241737 - Last Review: Oct 30, 2006 - Revision: 1