I have 2 domains, each with 2 Domain Controllers:
company.local
ad.company.com.au
Both domains are in the same forest and have a bi-directional trust set up. We're migrating to ad.company.com.au at present, however we are having certain issues with systems that need to query LDAP.
When doing an LDAP search against either Domain Controller in ad.company.com.au we get a referral to company.com.au, which is NOT under AD control:
$ ldapsearch -x -h 172.xx.xx.11 -b DC=company,DC=com,DC=au -D "my.username@ad.company.com.au" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <DC=company,DC=com,DC=au> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
# with manageDSAit control
#
# search result
search: 2
result: 10 Referral
text: 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
ref 1: 'company.
com.au'
ref: ldap://company.com.au/DC=company,DC=com,DC=au
# numResponses: 1
Note the referral points to company.com.au, which AD does NOT control -- the domain is ad.company.com.au and it is delegated by the company.com.au nameservers to the 2 DCs.
Querying the Global Catalog on the same server gives us the results we expect.
So why would the Domain Controller for a domain not know about the domain in its LDAP, while the GC does know?
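
A check on the output above, as an added example that is not part of the original post: it reads the search base, result code and referral URL from ldapsearch output and compares the DNS name spelled by the base DN with the bind UPN's domain and the referral host. The function names are hypothetical, and the sample text is constructed from the lines of the output shown in the question.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the relevant lines of the ldapsearch output in the question.
SAMPLE_OUTPUT = """\
# base <DC=company,DC=com,DC=au> with scope subtree
search: 2
result: 10 Referral
ref: ldap://company.com.au/DC=company,DC=com,DC=au
"""


def dn_to_dns(dn):
    """Join the DC= components of a DN into the DNS name they spell out.

    Naive comma split: good enough for domain DNs, which carry no escaped commas.
    """
    rdns = [rdn.strip() for rdn in dn.split(",")]
    return ".".join(r[3:] for r in rdns if r.upper().startswith("DC=")).lower()


def dns_to_dn(name):
    """Inverse mapping: ad.company.com.au -> DC=ad,DC=company,DC=com,DC=au."""
    return ",".join("DC=" + label for label in name.split("."))


def check_referral(output, bind_upn):
    """Summarise where a search was aimed and where the server pointed the client."""
    base = re.search(r"^# base <([^>]*)>", output, re.M)
    code = re.search(r"^result: (\d+)", output, re.M)
    refs = re.findall(r"^ref: (\S+)", output, re.M)
    upn_domain = bind_upn.split("@", 1)[1].lower()
    report = {
        "result_code": int(code.group(1)) if code else None,  # 10 = referral
        "base_dns": dn_to_dns(base.group(1)) if base else None,
        "upn_domain": upn_domain,
        "upn_domain_dn": dns_to_dn(upn_domain),
        "referral_hosts": [urlparse(r).hostname for r in refs],
    }
    # True only when the search base is the DN of the domain the user bound to.
    report["base_matches_upn_domain"] = report["base_dns"] == upn_domain
    return report


if __name__ == "__main__":
    for key, value in check_referral(SAMPLE_OUTPUT, "my.username@ad.company.com.au").items():
        print(f"{key}: {value}")
```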