Problems running LDAP query on 2008 R2 DC. The same one works on a 2003 DC

Tags: active-directory, domain-controller, windows-server-2003, windows-server-2008-r2

If I run the following LDAP sentence on a 2008 R2 Domain Controller,

adoCommand.CommandText = "<LDAP://my2008DC.MyChild.MyPDC.com/CN=Enterprise Admins,CN=Users,DC=MyPDC,DC=com>;(&(objectCategory=group)(cn=*));cn;base"
Set adoRecordset = adoCommand.Execute

I get "a referral was returned from the server" error.

However if I run the same script on a 2003 DC, it runs fine.

Note that my2008DC is a global catalog in the MyChild.MyPDC.com domain, so it would have a partial copy of the MyPDC.com domain, and therefore I could query that server to find information about objects in MyPDC.com, am I right?

Any clues about why 2003 Domain Controllers are able to run it and 2008 DCs are not?

Best Answer

From the server name I deduce that this is a DC for a child domain. You are asking for data about an entity in the parent domain, and thus the referral.

You are querying AD here, not the global catalog, so AD doesn't have the data. I would venture the guess that your win2k3 DC is in the parent domain.
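Worked example, added here and not part of the question or the answer above: the same ADO query rewritten so that it is sent to the global catalog partition of the child-domain DC (GC:// provider, port 3268) rather than to its domain partition on port 389. The host and group names are the ones from the question; the second, commented-out variant keeps LDAP:// and instead lets the ADSI provider chase the referral to a parent-domain DC.

```vbscript
' Added example (not the poster's script): look up a parent-domain group from a
' child-domain DC without triggering "a referral was returned from the server".
Option Explicit
Dim adoConnection, adoCommand, adoRecordset

Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"

Set adoCommand = CreateObject("ADODB.Command")
adoCommand.ActiveConnection = adoConnection

' GC:// (equivalently LDAP://my2008DC.MyChild.MyPDC.com:3268) searches the global
' catalog, which holds a read-only partial replica of every domain in the forest,
' so the parent-domain object is answered locally and no referral is generated.
adoCommand.CommandText = "<GC://my2008DC.MyChild.MyPDC.com/CN=Enterprise Admins,CN=Users,DC=MyPDC,DC=com>;(&(objectCategory=group)(cn=*));cn,member;base"

' Alternative that keeps LDAP:// on port 389: have the provider follow the
' referral to a DC of MyPDC.com (ADS_CHASE_REFERRALS_ALWAYS = &H60). This only
' works if the script host can reach and authenticate to that parent-domain DC.
' adoCommand.Properties("Chase referrals") = &H60

Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
    WScript.Echo "Group: " & adoRecordset.Fields("cn").Value
    ' member is multi-valued; the GC replicates it as part of the default
    ' partial attribute set, so the membership list is available here too.
    If Not IsNull(adoRecordset.Fields("member").Value) Then
        Dim dn
        For Each dn In adoRecordset.Fields("member").Value
            WScript.Echo "  member: " & dn
        Next
    End If
    adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close
```

Caveat when auditing privileged groups this way: the global catalog only carries the partial attribute set, so `cn` and `member` come back but an attribute that is not replicated to the GC will be empty, and in that case the query has to be directed at a DC of the domain that owns the object (or the referral chased as in the commented line).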