"A referral was returned from the server" error only while querying LDAP from outside the domain

user1576882 · Aug 5, 2012 · Viewed 20.4k times

I have 2 domains in the forest. 2nd one is the child domain of the first one. Like below...

Domain1 = abc.com on machine machine1
Domain2 = child.abc.com on machine machine2

I have c# application which tries to create a DirectoryEntry on the child domain.

LDAP://machine1/OU_IN_CHILD_DOMAIN/PARENT_DOMAIN_USERNAME_AND_PASSWORD

This works when my C# application is on the parent domain, i.e. on abc.com, but if my C# application is on any unrelated domain like unrelateddomain.com, I get the error "A referral was returned from the server".

Please let me know why this is. In the first case AD is able to do 'referral chasing' but not in the second case. Is there something I am missing?

Answer

Lizz · Oct 17, 2012

I had this exact problem for months and just solved it this afternoon. Here's what you will need to do: prepend a domain controller hostname from the child domain to the LDAP string. In your example, it might be like this for the sub/child domain:

LDAP://MyChildDomainController1.child.abc.com

You also mention connecting from an unrelated domain/LDAP/Active Directory. If there is no trust between Active Directory on the two domains and their LDAP structure is unrelated, then you will not be able to use the above method. If it's possible, your only approach in that circumstance would be to use an authenticated connection. Never tried it, but this is a possible answer:

https://stackoverflow.com/a/9252303/1569434

"...ensure that the service account (or computer account if network service) hosting the code above is allowed to delegate to the LDAP service on all of the DCs in your environment"
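The bind the answer describes, written out as a small C# program. This is an added example, not code from either poster: the DC hostname `dc1.child.abc.com`, the OU `OU=Staff,DC=child,DC=abc,DC=com`, the account `ABC\svc_ldap` and the `LDAP_PASSWORD` environment variable are all placeholders. It names a child-domain DC in the path so the server that answers actually holds the target naming context, binds with explicit credentials using Secure (Kerberos/NTLM) authentication plus sealing rather than a simple bind, and, for the case where you have to go through a parent-domain DC anyway, sets `DirectorySearcher.ReferralChasing` so the library follows the referral instead of throwing.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added example; all hostnames, DNs and account names below are placeholders.
static class ChildDomainBind
{
    // Point the path at a DC in the child domain. A parent-domain DC does not hold
    // OUs of the child naming context and can only answer with a referral.
    public static string BuildPath(string childDc, string distinguishedName)
        => $"LDAP://{childDc}/{distinguishedName}";

    public static DirectoryEntry Bind(string childDc, string dn, string user, string password)
    {
        // Secure = Kerberos/NTLM (no cleartext password on the wire); Sealing encrypts
        // the LDAP traffic. Avoid AuthenticationTypes.None, which is a simple bind.
        return new DirectoryEntry(BuildPath(childDc, dn), user, password,
            AuthenticationTypes.Secure | AuthenticationTypes.Sealing);
    }

    public static void Main()
    {
        const string childDc = "dc1.child.abc.com";             // placeholder child-domain DC
        const string ou = "OU=Staff,DC=child,DC=abc,DC=com";    // placeholder OU in the child domain
        const string user = "ABC\\svc_ldap";                     // placeholder parent-domain account
        string password = Environment.GetEnvironmentVariable("LDAP_PASSWORD") ?? "";

        try
        {
            using (var entry = Bind(childDc, ou, user, password))
            {
                // Reading a property forces the bind; a referral error would surface here.
                Console.WriteLine($"Bound to {entry.Properties["distinguishedName"].Value}");

                using (var searcher = new DirectorySearcher(entry))
                {
                    searcher.Filter = "(&(objectCategory=person)(objectClass=user))";
                    searcher.PropertiesToLoad.Add("sAMAccountName");
                    // Only matters if the path names a parent-domain DC: lets
                    // System.DirectoryServices follow referrals instead of failing.
                    searcher.ReferralChasing = ReferralChasingOption.All;

                    foreach (SearchResult r in searcher.FindAll())
                        Console.WriteLine(r.Properties["sAMAccountName"][0]);
                }
            }
        }
        catch (COMException ex)
        {
            // 0x8007202B (ERROR_DS_REFERRAL) is the HRESULT behind the
            // "A referral was returned from the server" message.
            Console.Error.WriteLine($"LDAP bind failed: 0x{ex.ErrorCode:X8} {ex.Message}");
        }
    }
}
```

Keep the password out of source and command lines (the example reads it from an environment variable only to stay self-contained), and grant the account the minimum read rights it needs on the child OU. Referral chasing only helps when the client can authenticate to the DC it is referred to; across domains with no trust there is nothing for it to authenticate with, which is why the answer says the method above stops working in that case.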