Tree AD trust with AAD Connect
Hi guys. I have a customer with multiple forests, but one of them is a tree root trust and not a forest trust. We implemented AAD Connect and we can't synchronize user passwords with this forest. All accounts in the other forests work very well.
Does anyone know if the tree root trust is compatible with Azure AD Connect? Has anyone already had this problem?
Thanks
- LM (Brass Contributor)
AD trust is not a requirement for AAD Connect unless you are using PTA for auth. If using PTA you will need a forest trust. If not using PTA then check if the permissions\firewalls are all in place for password sync.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-faq
- mathiassii (Copper Contributor)
Hi LM ,
Currently we haven't implemented PTA, but it's the next step ;). Thanks for your link.
We will recheck the permissions and firewall.
Thanks
- rosaliod (Brass Contributor)
mathiassii The ADDS connector space agent needs to have at least the following permissions in the other forest. Did you verify this?
Allow | AD DS Connector Account | Replicating Directory Changes | This object only (Domain root)
Allow | AD DS Connector Account | Replicating Directory Changes All | This object only (Domain root)
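
One way to check the two domain-root permissions listed in the last reply, added here as an example and not code from any poster. `Test-ConnectorReplicationRights` and the account name are hypothetical, the sample ACEs are constructed, and only ACEs granted directly to the account are evaluated (rights inherited through group membership are not resolved).

```powershell
# Extended-right GUIDs (AD schema constants) for the two permissions named above.
$ReplicationRights = [ordered]@{
    'Replicating Directory Changes'     = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    'Replicating Directory Changes All' = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
}

function Test-ConnectorReplicationRights {
    # Hypothetical helper: reports which of the two rights $Account holds in $Aces.
    param(
        [Parameter(Mandatory)] [object[]] $Aces,     # ACEs read from the domain root
        [Parameter(Mandatory)] [string]   $Account   # DOMAIN\name of the connector account
    )
    foreach ($name in $ReplicationRights.Keys) {
        $guid = $ReplicationRights[$name]
        # ACEs for this account that carry this specific extended right.
        $mine = @($Aces | Where-Object {
            "$($_.IdentityReference)" -eq $Account -and
            "$($_.ActiveDirectoryRights)" -match 'ExtendedRight' -and
            [guid]"$($_.ObjectType)" -eq $guid
        })
        $allow = @($mine | Where-Object { "$($_.AccessControlType)" -eq 'Allow' })
        $deny  = @($mine | Where-Object { "$($_.AccessControlType)" -eq 'Deny' })
        [pscustomobject]@{
            Right   = $name
            Granted = ($allow.Count -gt 0 -and $deny.Count -eq 0)  # an explicit Deny wins
            Denied  = ($deny.Count -gt 0)
        }
    }
}

# Constructed sample ACEs (not from a real domain): only the first right is present,
# which is the situation where password hash sync fails for that forest.
$sample = @(
    [pscustomobject]@{
        IdentityReference     = 'CONTOSO\svc-adsync'   # constructed account name
        ActiveDirectoryRights = 'ExtendedRight'
        AccessControlType     = 'Allow'
        ObjectType            = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    }
)
Test-ConnectorReplicationRights -Aces $sample -Account 'CONTOSO\svc-adsync' | Format-Table

# On a domain-joined host in the affected forest (ActiveDirectory module loaded),
# read the real ACEs from the domain root and pass them in the same way:
#   $aces = (Get-Acl -Path "AD:\$((Get-ADDomain).DistinguishedName)").Access
```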