This is most likely to be caused by continuation references generated by the LDAP server for LDAP referrals to other parts of the directory. Referrals are often stored using the host name of the target LDAP server, which, in the case of a self-referral, can be the name of the original host to which the connection was made. If it is not necessary to follow the continuation references, this can be disabled from the Configuration Wizard. Select the 'Data Source', 'LDAP' page and click the 'Advanced' button. Change 'Continuation references' to ignore.
On Active directory servers, it may be possible to avoid continuation references by connecting to port 3268 on the server rather than port 389. If it is necessary to follow the continuation references, the problem must be resolved either in the LDAP server or on the Client host.
For Unknown Host errors, the problem is most likely to be a failed DNS lookup. Ensuring DNS is working correctly on the computer from which Schemus is run should resolve the issue. Alternatively, the hostnames and IP addresses of the referred servers could be added to the hosts file.
For Connection Refused errors, the problem is likely to be due to incorrect referral information or a failure in the LDAP service on the referred server. Ensure that all the referred LDAP servers are running and/or update the referral entries on the LDAP server.

Schemus is attempting to use the LDAP paging control for search results although the directory doesn't support paging.
Disable paging in Schemus.
Go to the 'Data Source' 'LDAP' page in the wizard
Click the 'Advanced' button.
On the Advanced page, change 'Paging type' from 'page' to 'none'.

Note LDAP searches will still work within a synchronization even without changing the Paging type since if the server reports that paging is unsupported Schemus will always retry without paging.

Since the directory is distributed, entries in one location include referrals (also called continuation references) which, instead of returning a result, will return a URL from which to continue the search. This is often how sub-domains are searched - there is a referral in the top-level domain to a location from which to search for each sub-domain.

Active directory includes referrals which reference the domain rather than a specific host. The Microsoft DNS should resolve the domain name in these URLs to the domain controller. You will see 3 of these in Active Directory:

ldap://<domain>
ldap://ForestDnsZones.<domain>
ldap://DomainDnsZones.<domain>

where <domain> is your domain, (e.g. example-domain.com).

If you choose to ignore the referral then when the search encounters a referral, the referral URL is ignored. Schemus will not attempt to search the location indicated by the referral. This may cause entries to be missed since the referral may be referencing a directory location that contains data you need to upload.

There are a few ways to work around DNS issues such as this:

1. If you're using a mail synchronization and you are connecting to a Global Catalog (GC) you could connect to the GC port, 3268, instead of the LDAP port, 389. The search will be far quicker and won't follow referrals. You can also search from the root of the directory.

A Global Catalog search will only work if all the necessary data are replicated to the GC. For Address synchronizations, the required email addresses are usually available but for Group and User synchronizations, the full group membership information will not typically be available.

2. If you're not connecting to a GC, you could try moving the search base down a level or two so that the search doesn't encounter the referrals.

3. If you don't mind these always resolving to one host from the machine on which Schemus is running you could force the name resolution by adding some entries to the local hosts file:

<ip address of domain controller> <domain> ForestDnsZones.<domain> DomainDnsZones.<domain>

By modifying the LDAP search filter it is possible to prevent the upload of addresses from users or contacts in Active Directory for which 'Hide from Exchange address lists' is selected.

To accomplish this, a filter can be added which excludes objects with the attribute msExchHideFromAddressLists set to TRUE.

In the synchronization tool open the configuration and click on 'Modify'.

Click on 'LDAP Search' in the wizard dialog.

The Search filter should already be enclosed in parentheses. If not, append ( to the beginning and ) to the end. Do not include any spaces.

Insert

(&(!(msExchHideFromAddressLists=TRUE))

at the beginning of the existing search filter

and append

)

to the end. Do not include any spaces.

Click 'Save'.