ITsVISTA
Information that makes life easier when it comes to installing, managing, and using Windows Vista.
Start About FAQ Blogroll Shop

ITsVISTA KB-Link: KB2561166

LDAP Paged Queries with subordinate referrals are not chased properly

You have an application that searches the Active Directory with paged searches using ldap_search_ext or ldap_search_ext_s, and it is set to chase referrals. When it searches off the root of a domain NC, the paged searches end prematurely after the first page.

In the application, the paged cookie it receives is empty and thus the application ends the query. In a network trace, you can verify that the paged query does return a non-empty cookie along with one or more referrals. Most queries will see no result set when chasing the referral, as often the objects searched for in the domain NC do not exist in the subordinate NCs, unless they are also domain NCs.

The application may also receive an “operational error” after the first page.

A Domain Controller returns subordinate referrals for the following naming contexts:

  1. When Searching the Forest root: Configuration NC (followed by a referral for the Schema NC)
  2. When Searching the Forest root: ForestDnsZones NC
  3. DomainDnsZones NC
  4. All child domains. And recursively all grand-child domains down the whole domain tree.

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB2561166.

Get notified of new posts for FREE via RSS or E-mail

Subscribe to ITsVISTA!

Related Posts