i received the following message from one of our developers that has been encountering issues with directory synchronization ever since we upgraded our dcs, and raised forest & domain functional level to ws08r2:
The problem exists only when connecting to an Active Directory 2008 R2 server (works for all Active Directory versions prior). We verified that the open-source code is using the correct LDAP standard API for accessing the domain controller. As further confirmation of the problem, I have also found numerous forum posts online for a variety of other applications (Alfresco, Java, Oracle, Symantec, Liferay, etc.) experiencing the same problem as we are seeing (worked up until an upgrade to 2008 R2).
It seems to be an inherent problem with Microsoft's pagination control "1.2.840.113556.1.4.319 (pagedResultsControl)" in AD 2008 R2, and Microsoft has not released a fix yet.
We are going to discontinue use of Active Directory for synchronization from our applications, as all of our applications utilize standards-based technologies (e.g. LDAP), and it is clear that Microsoft is moving away from supporting the necessary standards.
Thank you for all your help looking into this on your end, but it seems like we will have to wait for Microsoft to release a fix for this one.
we applied kb977180-v2 http://support.microsoft.com/kb/977180 to each dc, but we apparently still have an issue... anybody have suggestions to keep our developers from abandoning ad for directory searches?