Partager via


3.1.1.4.6 Referrals

When the server returns a referral as documented in section 3.1.1.3.1.4, it MUST determine which server(s) to refer the client to. The set of servers to which the client will be referred is the set of values returned by the following algorithm.

Let N be the DSNAME of the base of the LDAP search.

Let NSID be the sid portion of N.

Let NGUID be the guid portion of N.

Let NSTR be the dn portion of N.

The value is:

  • (the values of O!dnsRoot for the object O where:

  • and (the value for Root-Domain-NC!dnsRoot after prepending "gc._msdcs." and either replacing the first matching ":*" with ":3268" or, if there are no matches of ":*", then by appending ":3268" when:

    • (NSTR is not present)

    • and (NGUID is present))

  • and (the values of O!dnsRoot for the object O where:

    • (NSTR is present)

    • and (O!nCName is a prefix for NSTR and is the longest prefix among all O satisfying these conditions)

    • and (O!parent is the Partitions container)

    • and (O!objectClass's most specific object class is crossRef)

    • and (O!Enabled is TRUE))

  • and (the value is Root-Domain-NC!superiorDNSRoot when:

    •  (NSTR is present)

    • and (Root-Domain-NC!superiorDNSRoot is present)

    • and (there exists no object O such that

      • ((O!nCName is a prefix for NSTR)

      • and (O!parent is the Partitions container)

      • and (O!objectClass's most specific class is crossRef)

      • and (O!Enabled is TRUE)))

  • and (the value is the transform of TO.dn into a dotted string by concatenating the value for the first dc component with values for subsequent components separated by "." (for example, CN=bob,DC=One,DC=Two is transformed into One.Two) when:

    • ((NSTR is present)

    • and (Root-Domain-NC!superiorDNSRoot is not present)

    • and (there exists no object O such that

      • ((O!nCName is a prefix for NSTR)

      • and (O!parent is the Partitions container)

      • and (O!objectClass's most specific class is crossRef)

      • and (O!Enabled is TRUE)))))