I have a group MySoftwareUsers in the nam.con.internal.contoso.com domain.
The software I am installing doesn't have an option to specify a location to search, it uses the root domain con.internal.contoso.com for the search base and returns nothing.
A query for NAM\MySoftwareUsers also does not work. Is there a proper syntax for this search?
con.internal.contoso.com
nam.con.internal.contoso.com
sam.con.internal.contoso.com
afr.con.internal.contoso.com
eur.con.internal.contoso.com
mes.con.internal.contoso.com
asas.con.internal.contoso.com
aus.con.internal.contoso.com
referral
: " if server A holds "DC=example,DC=net" and server B hold "DC=sub,DC=example,DC=net", server A may contain a referral object named "DC=sub,DC=example,DC=net" which contains a ref attribute with value of "ldap://Server-B/DC=sub,DC=example,DC=net
". -|- But I have no idea how that works and/or is configured in AD.from dsquery if i type look for the group it will not find it. if y specify the sub tree it will find it in dsquery.
In AD, you should be able to query any object in the nam child domain from the root, however it requires a global catalog query, which you aren't doing. Given that, it doesn't matter if you query for an object on the local /LDAP partition for the con parent, the object isn't there. You may get a referral though, which is probably not used. You also need to ensure that the group scope is universal, and not global or local. This is easy to verify in AD Users and Computers.