none
A referral was returned from the Server

    Question

  • Scenario:
    1) I have one Domain Controller "VM2008R2DC.xyz.com". And a domain joined computer "VM2008R2Dirsync.xyz.com" in which "Dirsync" is working perfectly.
    2) I have installed one more Child Domain "VM2008R2DC2.child.xyz.com".
    3) When I try to run Dirsync tool with child's administrator credential, I get the following error -
    Configuration error
    User CHILD\Administrator is not a member of the group ENterprise Admins. Add this user to this group, and then try again.
    4) When I try to add "Enterprise Admins" as a "Member of", I get the following error -
    The following Active Directory Domain Services error occured: A referral was returned from the server.
    Thursday, May 30, 2013 5:09 PM

Answers

All replies

  • Yes this is cause a Domain Admin in a child domain dosen't have the nesccary rights to perform a DirSync. You need to delegate the "Replicating Directory Changes" extended right ACE granted on the root of the partition being monitored/synced. (Enteprise Admins have this by default on every partition/nc)

    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    Thursday, May 30, 2013 5:35 PM
  • Hi,

    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best Regards

    Kevin

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

           
    Tuesday, June 04, 2013 4:00 AM
  • Hello,

    I am expecting some easy description or steps or alteast a redirected Microsoft Link's, so I can read and understand.

    Thanks.

    Tuesday, June 04, 2013 4:02 AM
  • check out active directory groups to understand more:

    http://technet.microsoft.com/en-us/library/cc700835.aspx


    Every second counts..make use of it.

    Tuesday, June 04, 2013 4:28 AM