How to confirm that referrals are disabled for the user directory (AD)

Document ID : KB000098918
Last Modified Date : 31/05/2018
Question:
How can we confirm whether EnableADEnhancedReferals is in effect?
Answer:
Check smps.log for LDAP bind errors like the ones below.

Example bind Errors:
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server DomainDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ForestDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server
[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server

Details of the EnableADEnhancedReferals registry entry:
This registry entry was added so that Enhanced Referral can be enabled or disabled for AD (and ADAM) user directories.
The default value is 1 (enabled).
If the user store connection (AD / ADAM) is configured with the LDAP namespace, disable the EnableADEnhancedReferals registry key. Disabling this registry key prevents the LDAP connection errors from occurring.

Use Cases:
1) Registry entry absent or enabled
   If the entry is either missing or enabled, LDAP bind errors are logged in smps.log when the AD user store is accessed using the LDAP namespace.
2) Registry entry disabled (0)
   If the entry is disabled, LDAP bind errors are NOT logged in smps.log when the AD user store is accessed using the LDAP namespace.
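One way to run the check described above is to scan smps.log for the bind-error pattern and count hits per server. This is an added example, not vendor code; it assumes the log line format shown in this article, and the function names are hypothetical.

```python
import re
import sys
from collections import Counter

# Matches the bind-error format shown in this article. Any prefix before the
# "[SmDsLdapConnMgr.cpp:NNN]" tag (timestamps, process ids) is ignored.
BIND_ERROR = re.compile(
    r"\[SmDsLdapConnMgr\.cpp:\d+\]\[ERROR\]\s+SmDsLdapConnMgr Bind\.\s+"
    r"Server\s+(?P<host>\S+)\s*:\s*(?P<port>\d+)\.\s+"
    r"Error\s+(?P<code>\d+)-(?P<text>.*)$"
)

def parse_bind_errors(lines):
    """Return one dict per LDAP bind error found in the given log lines."""
    hits = []
    for line in lines:
        m = BIND_ERROR.search(line.rstrip("\r\n"))
        if m:
            hits.append({"host": m["host"].lower(), "port": int(m["port"]),
                         "code": int(m["code"]), "text": m["text"].strip()})
    return hits

def summarize(lines):
    """Count bind errors per (host, port, LDAP error code)."""
    return Counter((h["host"], h["port"], h["code"])
                   for h in parse_bind_errors(lines))

# First three lines are the examples from this article; the last one is a
# constructed non-matching entry to show that unrelated lines are skipped.
SAMPLE = [
    "[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server DomainDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server",
    "[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ForestDnsZones.ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server",
    "[SmDsLdapConnMgr.cpp:809][ERROR] SmDsLdapConnMgr Bind. Server ad2k3systest.com : 389. Error 91-Can't connect to the LDAP server",
    "[Constructed.cpp:1][INFO] unrelated entry (constructed sample line)",
]

if __name__ == "__main__":
    # Usage: python check_smps.py /path/to/smps.log  (no argument: use SAMPLE)
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            counts = summarize(fh)
    else:
        counts = summarize(SAMPLE)
    for (host, port, code), n in sorted(counts.items()):
        print(f"{n:5d}  {host}:{port}  LDAP error {code}")
    print("bind errors present" if counts else "no bind errors found")
```

Run it against the portion of smps.log written after the registry change; per the use cases above, no matches for an AD user store accessed through the LDAP namespace indicates the entry is disabled.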