Active Directory Referral Limit Error 0x00002044 Fixed
This error means AD referral chasing stopped at the max hop count. Here's exactly how to fix it without wasting time.
Yeah, this one's a pain. You're running an AD query—like a dsquery across domains or an app that trusts across forests—and boom, error 0x00002044. The referral limit was exceeded. Don't panic. This is almost always a config issue, not a network meltdown.
The Quick Fix: Bump the Registry Value
Open Regedit on the machine throwing the error (usually a domain controller, sometimes a member server running an app). Navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\ParametersLook for a DWORD called Referral Chasing Limit. If it's not there, create it. Default is 5—that's the max number of referral hops before Windows gives up and throws 0x00002044.
Set it to 10 or 15. I usually go with 10 unless the environment is a mess of nested domains. Reboot the DC or restart the Active Directory Domain Services service for it to take effect.
Why This Works
Active Directory referrals work like a chain. Domain A refers you to Domain B, which refers you to Domain C. Each hop adds to the count. The default limit of 5 means you can have at most 5 referrals in a single query. In a sprawling forest with multiple child domains, 5 runs out fast. This is especially common with cross-forest trusts or apps that do deep LDAP searches.
Had a client last month whose ERP system kept dying during user import. Turned out the app was chasing referrals through three forests with 7 domains total. Upping the limit to 15 fixed it instantly. Zero impact on performance—Windows just allows more hops before bailing.
Less Common Variations
1. Client-side limit: Sometimes the error shows on a workstation, not a server. For Windows 10/11 clients, the registry path is different:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\ParametersAdd a DWORD ReferralChasingLimit (note no space) and set it to 10. Reboot.
2. Application-specific limit: Some apps like Active Directory Lightweight Directory Services (AD LDS) or third-party LDAP clients have their own referral chase settings. For AD LDS, check the instance's registry under:
HKLM\SYSTEM\CurrentControlSet\Services\ADAM_InstanceName\ParametersSame fix—add or modify the DWORD.
3. Group Policy killing referrals: Rare, but I've seen a GPO that disables referral chasing via the Network Access: Restrict anonymous access to Named Pipes and Shares policy. If the fix above doesn't work, check your GPOs for anything that restricts LDAP referral behavior. It's usually a security policy gone rogue.
How to Prevent This Long-Term
The real fix isn't just bumping the limit—it's understanding why your queries are hitting it. If you're constantly chasing across 10 domains, your AD design might need simplification. But for most real-world cases, the default of 5 is too low. Set it to 10 on all DCs and clients that run directory queries. Document it in your build standards so the next admin doesn't spend three hours Googling.
Also, test your LDAP applications. Some apps let you set the referral chase limit in their own config (like nslapd on Linux). Match those to the Windows registry value. Inconsistent limits cause intermittent errors that are a nightmare to debug.
Finally, monitor the event log. Event ID 2080 from NTDS will log referral failures. If you see them after bumping the limit, you've got a deeper network or DNS issue—like a DC that can't reach its referral target. But 9 times out of 10, it's just the limit.
Was this solution helpful?