Q: Microsoft Active Directory Error: 
   javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error] 

A: By default (referral=ignore), Sun's LDAP provider (client) sends a noncritical 
   "manage referral" control (REF 3296: www.ietf.org/rfc/rfc3296.txt) with each request that
   tells the LDAP server to return referral entries as ordinary entries 
   (instead of returning "referral" error responses or continuation references).
   This posts a problem for some servers that do not handle noncritical
   controls properly. To get around the problem, set java.naming.referral=follow
   before creating the initial context, this will turn-off or de-activate the manage 
   referral control.
 
   LDAP referral controls are supported only by LDAPv3 and are not transmitted
   over LDAPv2 connections. Therefore, set java.naming.ldap.version=2 shall also
   fix this error.

   See jndi reference at java.sun.com (products/jndi/tutorial/ldap/referral/jndi.html).