Getting the error "cannot establish a connection to the domain controller(is) associated to a forest named: contoso.com"

Question

Hello,

We reached our 10GB limit on our current ADConnect/SQL Express instance. We are working on moving the DB to a full SQL server. I stood up a new Entra connect server. While going through the wizard it gives me the error in the screenshot.

The account being used is part of the Enterprise Admins group and is a global admin. The forest is comprised of a primary domain and 2 sub domains. I haven't had a problem on the other ADConnect server with these credentials.

Thanks for any help in advance.

Answer 1

Start by reviewing your DNS configuration (point to the IP address of your domain controller if you are using AD-integrated DNS zones) and check for any firewall restrictions

---

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Answer 2

@Alex Thank you for reaching out to us, as per the error mentioned in the screenshot in the query, seems Entra Connect Server having issues connecting to domain controller.

Refer to this article on the ports and protocols that are required for communication between the Microsoft Entra Connect server and on-premises AD.

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-ports#table-1---microsoft-entra-connect-and-on-premises-ad

You can also use the port query tool to check the ports between Entra Connect Sync server & On-premise AD - https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/portqry-command-line-port-scanner-v2

Let me know if you have any further questions, feel free to post back.