Unable to create CrossRef object in Active Directory
Issue Statement:
Unable to create CrossRef object for Child.Contoso.local in configuration partition of Contoso.local domain.
Error: Operation failed. Error code: 0x2071
An attempt was made to add an object to the directory with a name that is already in use.
Environment Detials:
Forest 1 : Contoso.local
Forest 2 : Child.Contoso.local
Cause:
The nCname attribute value of the CrossRef object was conflicting with distinguished name of an OU in Contoso.local domain.
Resolution:
Ran following PowerShell Command:
Get-ADObject -LDAPFilter { (&(ObjectClass=*)(ANR=Child) ) }
DistinguishedName Name ObjectClass ObjectGUID -------------------------- ---- --------------- ----------- OU=Child,DC=Contoso,DC=local Child organizationalUnit ad0e7069-090f-40bd-96ac-ed...
Renamed the OU to resolve the issue.
Additional Information From <https://technet.microsoft.com/en-us/library/cc978014.aspx>
External Cross-References
An external cross-reference is a cross-reference object that can be created manually to provide the location of an object that is not stored in the forest. If your LDAP clients submit operations for an external portion of the global LDAP namespace against servers in your forest, and you want your forest’s servers to refer the client to the correct location, you can create a cross-reference object for that directory in the Partitions container.
Creating External Cross-References
The only time you have to create a cross-reference object is when you want to extend a search to a directory outside the forest that is a non-Windows 2000 LDAP directory service In this case, you can use an LDAP editor, such as ADSI Edit or Ldp, to create objects of the class crossRef in the Partitions container that reference external directories.
When you create a cross-reference object, you must provide the values for three attributes:
cn The name that describes the directory. For example, for the domain noam.reskit.com, your cn value might be “noam” or something else that describes that domain, such as “NorthAmerica.”
nCName The distinguished name of the domain directory partition to which your cross-reference refers. If the domain name is noam.reskit.com, the value of nCName would be dc=noam,dc=reskit,dc=com.
dnsRoot The DNS host name of an LDAP server in the domain that is identified by nCName (for example, server1.noam.reskit.com). The value ofdnsRoot can also be the domain name if you do not want to specify a server.
Note
You must be able to resolve (“ping#34;) the name in dnsRoot , which does not necessarily name another Windows 2000–based system; it might be the DNS address of an LDAP server instead of a domain controller. If the directory partition is a Windows 2000 domain from another forest, automatically generated knowledge is usually sufficient and no external cross-reference is required.
You can use either ADSI Edit or Ldp to create cross-reference objects in the Configuration container. However, Ldp requires that you provide the distinguished name of an object and its mandatory and optional attribute names and values when you add the object to Active Directory. For more information about using Ldp, see Microsoft Windows 2000 Resource Kit Tools Help.
ADSI Edit provides a convenient graphical user interface for creating cross-reference objects.
To use ADSI Edit to create a cross-reference object
- In ADSI Edit, expand the Configuration container.
- Right-click the CN=Partitions container, click New , and then click Object .
- For Select a class , you can create objects of only class crossRef , which is already selected. Click Next .
- For the cn attribute, in the Value box, type a name that describes the location, and then click Next .
- For the nCName attribute, in the Value box, type the distinguished name for the external domain, and then click Next .
- For the dnsHostname attribute, in the Value box, type a DNS name for the server that hosts the domain directory partition, or type the domain name.
- When you are sure that your entries are correct, click Finish.