LDAP – Does a standalone domain need to perform LDAP referral chasing

active-directory, ldap

I am trying to ascertain if a client’s domain is impacted by an issue in the August Security only update for Windows 7 (KB4034679).

The issue is described by Microsoft as:

“Due to a defect in WLDAP32.DLL, applications that perform LDAP
referral chasing can consume excessive or all of the available TCP
dynamic ports after installing KB 4025337 and KB4025341. Applications
and roles known to make these referrals may include Outlook.exe, DFSR,
and others.”

I know some of the impacted applications are present, but I’m unsure if the domain will conduct LDAP referral chasing.

  • The domain is not part of a forest and is a standalone domain.
  • Active Directory is set up with multi-master replication.

It is my understanding that under these conditions LDAP referral chasing will not be required on the domain.

I am unsure if LDAP referral chasing could be initiated by the client applications (for example by outlook.exe), regardless of the domain setup.

Will this domain be impacted by the issue described by Microsoft?

Best Answer

A referral chase is initiated by the client when a domain controller returns a referral from a query. A referral is returned if a query is not within the domain/forest namespace, or for details of a query result that may be outside the namespace (such as group members in another domain/forest).

For local partition (LDAP) queries, a referral is required for any namespace outside the local domain namespace. For Global Catalog (GC) queries, a referral is required if the namespace is outside the forest. A GC query would also require a referral if the query hits a domain controller that is not a Global Catalog (which should not be the case - all domain controllers should be a Global Catalog).

If your domain is DC=contoso,DC=com, a referral would be required for local partition queries if the namespace is:

DC=child,DC=contoso,DC=com
DC=fabrikam,DC=com (tree root domain in contoso forest)
DC=litware,DC=com (separate forest)

But if it is a Global Catalog query, a referral is only needed if the namespace of the query is DC=litware,DC=com.
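To make the rule in this answer concrete, here is an added Python model of when a domain controller hands back a referral for a given search base. It is example code written for this page, not code from the question, the answer, or Microsoft, and it does not talk to a directory: the forest layout (contoso.com with a child domain child.contoso.com and a tree-root domain fabrikam.com, plus the unrelated forest litware.com) and the `DomainController` class, `referral_for` method and `CONTOSO_DC` / `STANDALONE_DC` / `NON_GC_DC` instances are all constructed to mirror the DNs used in the answer. The "standalone" instance is the questioner's situation: a single-domain forest, where the only namespace that can trigger a referral is one outside the forest.

```python
"""Model of when an AD domain controller returns an LDAP referral.

Added example for this page; constructed forest data, no live directory.
Port 389 = local partition (domain NC only); port 3268 = Global Catalog
(partial replica of every domain NC in the forest).
"""

LDAP_PORT = 389
GC_PORT = 3268


def parse_dn(dn):
    """Split a DN into (type, value) RDN components, normalised for comparison.

    Attribute types and DC values (DNS labels) are case-insensitive and
    whitespace around commas is insignificant, so both are folded here.
    """
    parts = []
    for rdn in dn.split(","):
        rdn = rdn.strip()
        attr, sep, value = rdn.partition("=")
        if not rdn or not sep:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        parts.append((attr.strip().lower(), value.strip().lower()))
    return tuple(parts)


def is_within(base_dn, context_dn):
    """True if base_dn equals context_dn or sits below it in the tree."""
    base, ctx = parse_dn(base_dn), parse_dn(context_dn)
    return len(base) >= len(ctx) and base[len(base) - len(ctx):] == ctx


class DomainController:
    """A DC that holds one domain naming context in a forest of several."""

    def __init__(self, domain_nc, forest_ncs, is_gc=True):
        self.domain_nc = domain_nc          # the NC this DC writes to
        self.forest_ncs = list(forest_ncs)  # every domain NC in the forest
        self.is_gc = is_gc

    def referral_for(self, base_dn, port=LDAP_PORT):
        """Return None if the DC answers the query itself, else the reason
        it would return a referral (which the client may then chase)."""
        # The most specific forest NC containing the base; a child domain's
        # NC is a longer DN than its parent's, so pick the longest match.
        holding = [nc for nc in self.forest_ncs if is_within(base_dn, nc)]
        if not holding:
            # Namespace unknown to the forest (e.g. DC=litware,DC=com):
            # referral regardless of which port the query arrived on.
            return "outside forest"
        nc = max(holding, key=lambda n: len(parse_dn(n)))
        if port == GC_PORT:
            if not self.is_gc:
                return "not a global catalog"
            return None  # GC holds a partial replica of every forest NC
        if parse_dn(nc) == parse_dn(self.domain_nc):
            return None  # local partition query answered from our own NC
        return f"different partition {nc}"


# Constructed forest mirroring the DNs in the answer (hypothetical names).
CONTOSO_FOREST = ["DC=contoso,DC=com", "DC=child,DC=contoso,DC=com", "DC=fabrikam,DC=com"]
CONTOSO_DC = DomainController("DC=contoso,DC=com", CONTOSO_FOREST)
NON_GC_DC = DomainController("DC=contoso,DC=com", CONTOSO_FOREST, is_gc=False)
# The questioner's case: a standalone, single-domain forest.
STANDALONE_DC = DomainController("DC=contoso,DC=com", ["DC=contoso,DC=com"])


if __name__ == "__main__":
    bases = ["CN=Users,DC=contoso,DC=com", "DC=child,DC=contoso,DC=com",
             "DC=fabrikam,DC=com", "DC=litware,DC=com"]
    for label, dc in (("multi-domain forest DC", CONTOSO_DC), ("standalone DC", STANDALONE_DC)):
        for port in (LDAP_PORT, GC_PORT):
            for base in bases:
                print(f"{label:22} port {port} {base:32} -> {dc.referral_for(base, port)}")
```

The model deliberately ignores referrals that arise from result attributes (the answer's "group members in another domain/forest" case, which depends on data rather than the search base) and the configuration and schema partitions, which every DC holds. Even so it shows why the standalone domain only sees referrals for namespaces outside its own forest, and why the client, not the domain layout, decides whether those referrals are chased.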