stavrosmitchell-6182 asked AndreasBaumgarten commented

Unable to add a second forest in AAD Connect

Hey everyone, I have a customer who is trying to add an additional forest to his AD Connect. They do not have a trust set up between the two forests and they will not establish one. When setting up AD Connect we are getting the following error: "The domain specified in the credentials does not exist or cannot be contacted". Any ideas what could be causing the problem?

Thanks for the help

azure-ad-connect

AndreasBaumgarten answered stavrosmitchell-6182 commented

Hi @stavrosmitchell-6182 ,

Is it possible to ping the untrusted AD domain (and domain controllers) by name from the server running AD Connect?


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten


Hello @AndreasBaumgarten

Yes, I can ping the domain and the domain controllers.

Thanks

AndreasBaumgarten answered stavrosmitchell-6182 commented

Hi @stavrosmitchell-6182 ,

Are all required ports "allowing communication" between AD Connect and the DC of the untrusted AD?

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports#table-1---azure-ad-connect-and-on-premises-ad


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten


@AndreasBaumgarten

Yes, they were open, but I found the issue: it cannot Resolve-DnsName _ldap._tcp.domain.com. Now I need to troubleshoot that.

AndreasBaumgarten answered AndreasBaumgarten commented

Hi @stavrosmitchell-6182 ,

I don't know if your DNS server, used by the AD Connect VM, got the forward lookup zone of the untrusted domain or if you are using conditional DNS forwarding.

But this would be my check.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten


Hi @stavrosmitchell-6182 ,

should work but never tried so far.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

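The checks discussed in this thread (SRV lookup of `_ldap._tcp.<forest>`, conditional forwarding, reachable ports) can be run together from the AD Connect server. The script below is an added example and not part of the original thread; the DC IP address is a constructed placeholder, and the port list is an assumption to confirm against the port table linked above.

```powershell
# Added example, not from the thread. Run on the AD Connect server.
param(
    [string]$ForestDns  = 'domain.com',   # forest name as written in the thread
    [string]$ForestDcIp = '192.0.2.10'    # placeholder: a DNS-hosting DC of the untrusted forest
)

$srvName = "_ldap._tcp.$ForestDns"

# 1. Query through the resolver the AD Connect server normally uses.
$viaLocal = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }

# 2. Query a DNS server of the untrusted forest directly, bypassing local DNS.
$viaForest = Resolve-DnsName -Name $srvName -Type SRV -Server $ForestDcIp -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }

if (-not $viaLocal -and $viaForest) {
    Write-Warning "$srvName resolves only via $ForestDcIp. The local DNS server has no conditional forwarder or zone for $ForestDns."
} elseif (-not $viaLocal -and -not $viaForest) {
    Write-Warning "$srvName does not resolve even via $ForestDcIp. Check DNS reachability (port 53) and the SRV records in that forest."
} else {
    Write-Host "$srvName resolves through the local resolver."
}

# 3. TCP reachability of each DC named in the SRV answers.
#    Assumed port list (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, LDAPS);
#    the dynamic RPC range is not covered here.
$ports   = 53, 88, 135, 389, 445, 636
$targets = @($viaLocal) + @($viaForest) | Where-Object { $_ } |
    Select-Object -ExpandProperty NameTarget -Unique

foreach ($dc in $targets) {
    # Resolve the DC name through the forest's own DNS so this step still
    # works while the local resolver is misconfigured.
    $ip = (Resolve-DnsName -Name $dc -Type A -Server $ForestDcIp -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | Select-Object -First 1).IPAddress
    if (-not $ip) { Write-Warning "No A record for $dc"; continue }

    foreach ($p in $ports) {
        $ok = Test-NetConnection -ComputerName $ip -Port $p -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ DC = $dc; IP = $ip; Port = $p; Reachable = $ok }
    }
}
```

A successful ping, as reported earlier in the thread, only proves the A record and ICMP path; the AD Connect wizard depends on the SRV lookup in step 1.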