One of the applications in our XAD environment uses an LDAP query, like:

ldapsearch -x -H ldap://dc1.xad.company.local -D xad\\admin -W -b dc=xad,dc=company,dc=local '(distinguishedName=cn=user1,ou=Administration,dc=xad,dc=company,dc=local)'

For most users this query returns a -785 error, but not for all. It seems the admin users don't have the problem.

DSTrace on the LDAP server reports:

13:03:04 6EA2700 LDAP: New cleartext connection 0xf678e00 from 10.10.10.33:46043, monitor = 0xffffffffee035700, index = 16
13:03:04 FFFFFFFFE9AF2700 LDAP: DoBind on connection 0xf678e00
13:03:04 FFFFFFFFE9AF2700 LDAP: Bind name:xad?min, version:3, authentication:simple
13:03:04 FFFFFFFFE9AF2700 LDAP: New internal connection 0xdf33180 from Internal, index = 0
13:03:04 FFFFFFFFE9AF2700 LDAP: Sending operation result 0:"":"" to connection 0xf678e00
13:03:04 FFFFFFFFEAE1F700 LDAP: DoSearch on connection 0xf678e00
13:03:04 FFFFFFFFEAE1F700 LDAP: Search request:
base: "dc=xad,dc=company,dc=local"
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(distinguishedName=cn=user1,ou=Administration,dc=xad,dc=company,dc=local)"
no attributes
13:03:04 FFFFFFFFEAE1F700 LDAP: Sending search result entry "cn=User1,ou=Administration,dc=xad,dc=company,dc=local" to connection 0xf678e00
13:03:04 FFFFFFFFEAE1F700 LDAP: New internal connection 0xf23d880 from Internal, index = 0
13:03:04 FFFFFFFFEAE1F700 LDAP: Unsupported API slapi_sdn_get_backend_parent called
13:03:04 FFFFFFFFEAE1F700 LDAP: New internal connection 0xf23d880 from Internal, index = 0
13:03:04 FFFFFFFFEAE1F700 LDAP: Searching "OU=OES-Server.O=ORG": NDS error:dib error (-785) returned
13:03:04 FFFFFFFFEAE1F700 LDAP: LDAPSearchToCB failed, err = dib error (-785)
13:03:04 FFFFFFFFEAE1F700 LDAP: Sending operation result 80:"":"NDS error: dib error (-785)" to connection 0xf678e00
13:03:04 FFFFFFFFEB021700 LDAP: DoUnbind on connection 0xf678e00
13:03:04 FFFFFFFFEB021700 LDAP: Forcing abandon on operation 0x2:0x63 on connection 0xf678e00
13:03:04 FFFFFFFFEAE1F700 LDAP: Connection 0xf678e00 closed

o=ORG is name-mapped to dc=xad,dc=company,dc=local
OU=OES-Server.O=ORG is a partition which is not part of the domain services, because it only contains non-DSfW server objects.

Other queries like "(cn=User1)" don't have errors.

Need some help.

Thanks
Tom