You are using the Schemus LDAP Synchronization Tool and are receiving the error “Couldn’t read from source. Unable to follow referral….”.
Couldn’t read from source.
Unable to follow referral ldap://ForestDnsZones....
This issue is a result of how Active Directory works. Since the directory is distributed, entries in one location include referrals (also called continuation references) which, instead of returning a result, will return a URL from which to continue the search. This is often time the way how sub-domains are searched - there is a referral in the top-level domain to a location from which to search for each sub-domain.
Active directory includes referrals which reference the domain rather than a specific host. The Microsoft DNS should resolve the domain name in these URLs to the domain controller. You will see three of these in Active Directory:
ldap://<domain> ldap://ForestDnsZones.<domain> ldap://DomainDnsZones.<domain>
where <domain> is your domain, (e.g. example-domain.com).
While "Ignore the referral" is selected, if the search encounters a referral, the referral URL is ignored. Schemus will not attempt to search the location indicated by the referral. This may cause entries to be missed since the referral may be referencing a directory location that contains data you need to upload.
There are a few ways to work around DNS issues such as this:
<ip address of domain controller> <domain> ForestDnsZones.<domain> DomainDnsZones.<domain>