"A referral was returned from the server" error only when querying LDAP from an external domain (tags: LDAP, external domain, error, server, referral)

2023-09-09 21:40:28 Author: 梦初醒处

I have 2 domains in the forest; the 2nd one is the child domain of the first one, like below...

Domain1 = abc.com on machine machine1
Domain2 = child.abc.com on machine macnihe2

I have a C# application which tries to create a DirectoryEntry on the child domain:

LDAP://machine1/OU_IN_CHILD_DOMAIN/PARENT_DOMAIN_USERNAME_AND_PASSWORD

This works when my C# application is on the parent domain, i.e. on abc.com, but if my C# application is on any unrelated domain like unrelateddomain.com, I get an "A referral was returned from the server" error.

Please let me know why this is. In the first case AD is able to do 'referral chasing' but not in the second case. Is there something I am missing?

Recommended answer

I had this exact problem for months and just solved it this afternoon. Here's what you will need to do: prepend a domain controller hostname from the child domain to the LDAP string. In your example, it might look like this for the sub/child domain:

LDAP://MyChildDomainController1.child.abc.com

You also mention connecting from an unrelated domain/LDAP/Active Directory. If there is no trust between Active Directory on the two domains and their LDAP structure is unrelated, then you will not be able to use the above method. If it's possible, your only approach in that circumstance would be to use an authenticated connection. I have never tried it, but this is a possible answer:

http://stackoverflow.com/a/9252303/1569434

"...ensure that the service account (or computer account if network service) hosting the code above is allowed to delegate to the LDAP service on all of the DCs in your environment"
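The following is an added example, not code from the question or the answer above. It shows the fix the answer describes in working C#: bind the DirectoryEntry to a DC of the domain that actually holds the OU (the child domain) rather than to a parent-domain DC, which does not hold that naming context and therefore answers with a referral. It also passes the credentials through the DirectoryEntry constructor with Kerberos/NTLM plus signing and sealing instead of a clear-text simple bind, and surfaces the referral error code explicitly. The DC hostname, OU distinguished name, account name and the environment variable holding the password are all assumed placeholders.

```csharp
using System;
using System.DirectoryServices;

// Added example (not from the original post). Hostnames, DNs and the
// credential source below are assumptions for illustration only.
class ChildDomainBind
{
    // Bind directly to a DC that holds the child naming context. Asking a
    // parent-domain DC, e.g. "LDAP://machine1/OU=...,DC=child,DC=abc,DC=com",
    // makes that DC return a referral the client may not be able to chase.
    public static DirectoryEntry BindToChildOu(string childDc, string ouDn,
                                               string user, string password)
    {
        // LDAP://<FQDN of a child-domain DC>/<DN of the OU in the child domain>
        string path = $"LDAP://{childDc}/{ouDn}";

        // Secure  = Kerberos/NTLM bind (no clear-text simple bind on the wire).
        // Sealing = encrypt, Signing = integrity-protect the LDAP traffic.
        var entry = new DirectoryEntry(path, user, password,
            AuthenticationTypes.Secure |
            AuthenticationTypes.Sealing |
            AuthenticationTypes.Signing);

        // Force the bind now so a referral or credential problem is raised
        // here rather than on the first attribute read.
        entry.RefreshCache();
        return entry;
    }

    static void Main()
    {
        // Assumed values; substitute the real ones from your environment.
        string childDc  = "MyChildDomainController1.child.abc.com";
        string ouDn     = "OU=MyOU,DC=child,DC=abc,DC=com";
        string user     = "abc\\svc_ldap";   // parent-domain account, usable in the child via the forest trust
        string password = Environment.GetEnvironmentVariable("LDAP_SVC_PASSWORD"); // never embed it in the LDAP path

        try
        {
            using (DirectoryEntry ou = BindToChildOu(childDc, ouDn, user, password))
            {
                Console.WriteLine("Bound to " + ou.Properties["distinguishedName"].Value);
            }
        }
        catch (DirectoryServicesCOMException ex)
        {
            // 0x8007202B is ERROR_DS_REFERRAL: "A referral was returned from the server".
            // Seeing it here means the DC you bound to does not own the target object's
            // naming context; point the path at a DC of the owning domain instead.
            Console.WriteLine($"Bind failed: 0x{ex.ErrorCode:X8} {ex.Message}");
        }
    }
}
```

Two practical notes. First, referral chasing (DirectorySearcher.ReferralChasing for searches) still requires the client to resolve the referred DC by DNS and to authenticate to it; from a machine in a domain with no trust to the forest neither step succeeds, which is why binding to the owning DC with explicit credentials is the reliable route. Second, keep the account's rights minimal: the delegation the quoted answer mentions widens what a compromised service host can do on every DC it is allowed to delegate to, so grant it only where the application genuinely needs to act on a user's behalf.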