The Altiris Agent uses the primary DNS suffix to determine the Windows domain and returns the error:
<event date='Feb 10 03:27:14' severity='2' hostName='comp1' source='BasicInventory' module='AeXBasicInventory.dll' process='aexmachinv.exe' pid='3032' thread='1272' tickCount='812394781' >
<![CDATA[Error while gathering AD distinguished name: Error connecting to AD object LDAP://DC=altiris,DC=com: A referral was returned from the server. (-2147016661)]]></event>
The Altiris Agent incorrectly uses the root DNS domain in the LDAP query to determine the agent's FQDN/Distinguished Name. This causes problems in environments where the DNS suffix does not match the root DNS name for the AD forest. For example, the DNS domain may be altiris.com, but the AD domain name is na.altiris.com. When the Altiris Agent queries LDAP://altiris.com/... it gets a referal to na.altiris.com, which caused the function to fail.
Upgrade the agent to Altiris Agent R5, which is build 6.0.2386.
Notification Server 6.0