Active Directory LDAP Referrals

We have a Windows 2012 R2 domain with 8 DCs. We have a third-party app being set up with LDAP, and it needs to set whether referrals are enabled or not in the domain. From my understanding, referrals are enabled by default in AD and cannot be disabled. Is this correct?
compdigit44 Asked:

Michael B. Smith, Managing Consultant, Commented:
No, they can't be disabled.
compdigit44 (Author) Commented:
I was correct in stating this is on by default? The purpose of referrals is to reach out to other LDAP servers to find an object if not present on the current server because of replication. Is this correct?
Michael B. Smith, Managing Consultant, Commented:
Yes, it is on by default.

If they want to NOT receive referrals, then tell them to connect to the GC (global catalog) port, not the LDAP port.
compdigit44 (Author) Commented:
Why is that?
Michael B. Smith, Managing Consultant, Commented:
The global catalog contains "all" the data it can contain on every server that is marked as a global catalog. That's why it's called a "global catalog" for a forest. :-)

Therefore it knows that issuing a referral will never allow a requestor to obtain additional information. So it doesn't issue referrals.

Now, you are almost certainly thinking, "why wouldn't everything use a global catalog?"

The answer is simple - GCs don't contain all information about objects. Only certain specific selected data is stored in the GC. An object returned from the GC query may only be a few percent in size when compared to the object returned from a normal LDAP query. The QUESTION becomes - does the GC query contain the required information?

Only you/your app-vendor can answer that question.
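One way to answer that question before pointing the app at the GC, as an added example that is not part of the original thread: compare the attributes the app reads against the schema's `isMemberOfPartialAttributeSet` flag and fall back to the LDAP port when any are missing. Assumptions: the default AD ports 389 (LDAP) and 3268 (GC), which the thread does not state, and a constructed LDIF-style schema export whose TRUE/FALSE flags are illustrative only; the function names are hypothetical.

```python
import re

# Constructed sample: LDIF-style export of attributeSchema objects.
# The flags are illustrative; export the real ones from your own schema.
SAMPLE_SCHEMA_LDIF = """\
dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: sAMAccountName
isMemberOfPartialAttributeSet: TRUE

dn: CN=E-mail-Addresses,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: mail
isMemberOfPartialAttributeSet: TRUE

dn: CN=Employee-ID,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: employeeID
isMemberOfPartialAttributeSet: FALSE

dn: CN=Home-Directory,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: homeDirectory
"""

LDAP_PORT, GC_PORT = 389, 3268  # assumed AD defaults (636/3269 over TLS)


def gc_attributes(ldif):
    """Return lower-cased names of attributes flagged as replicated to the GC."""
    in_gc = set()
    for entry in re.split(r"\n\s*\n", ldif.strip()):
        fields = dict(
            (key.strip().lower(), value.strip())
            for key, value in (
                line.split(":", 1) for line in entry.splitlines() if ":" in line
            )
        )
        name = fields.get("ldapdisplayname")
        # A missing flag is treated as "not in the partial attribute set".
        flag = fields.get("ismemberofpartialattributeset", "FALSE")
        if name and flag.upper() == "TRUE":
            in_gc.add(name.lower())  # LDAP attribute names are case-insensitive
    return in_gc


def choose_port(required, ldif):
    """Pick the GC port only if every required attribute is held in the GC."""
    available = gc_attributes(ldif)
    missing = sorted(a for a in required if a.lower() not in available)
    return (LDAP_PORT if missing else GC_PORT), missing
```

A non-empty `missing` list means a GC query would return those objects without the listed attributes, so the app has to stay on the LDAP port and handle referrals.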
