When Referrals Are Generated

A referral is the way that a directory server communicates that it does not contain the data required to complete a query, but has a reference to a server that may contain the required data. Be aware that referrals are not just generated by query requests.

The following operations can result in one or more referrals:

  • Binding to a server that does not contain the object specified by the requested distinguished name but has data about a server or domain that may contain that object. For ADSI, this can occur if the application calls ADsGetObject or ADsOpenObject to bind to an object that exists in another domain in the forest (internal referral) or a naming context that is completely separate from the forest (external referral). For the LDAP API, this can occur when performing add, modify, delete, or search operations that specify an object that exists in another domain in the forest (internal referral) or a naming context that is completely separate from the forest (external referral).

    If name resolution fails to find an object locally and there are no crossRef objects for that portion of the namespace, the domain controller will attempt to construct an external referral based on the domain components of the distinguished name. For example, if a search was based at "CN=a,CN=b,DC=c,DC=d,DC=e", the domain controller will construct a referral to the LDAP server at DNS address "c.d.e".

    All Windows 2000 domain controllers (which support only DC= naming for the upper components) recognize each other, and no external cross references are required for a client to bind from one forest to another. If other non-Windows 2000 directory servers, such as a Netscape server, is using DC= naming and has an appropriate SRV RR registered in DNS, it will get the advantage of the automatic referrals as well. If not, an external crossRef object must be added manually.

  • Performing a subtree search on a domain that contains subordinate domains in the forest or subordinate external domains, schema, or configuration containers. A referral to the subordinate domain, external domain, schema or configuration container will be created. If referral chasing is enabled, the referral will be transparent to the caller.