Forum Discussion
mathiassii
Sep 09, 2019 Copper Contributor
Tree AD trust with AAD Connect
Hi guys. I have a customer with multiple forests, but one of them is a tree-root trust and not a forest trust. We implemented AAD Connect and we can't synchronize user passwords with this forest. All acc...
LM
Sep 10, 2019 Brass Contributor
AD trust is not a requirement for AAD Connect unless you are using PTA for auth. If using PTA you will need a forest trust. If not using PTA then check if the permissions\firewalls are all in place for password sync.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-faq
mathiassii
Sep 10, 2019 Copper Contributor
Hi LM,
Currently we haven't implemented PTA, but it's the next step ;). Thanks for your link.
We will recheck the permissions and firewall.
Thanks
- rosaliod Sep 10, 2019 Brass Contributor
mathiassii The ADDS connector space agent needs to have at least the following permissions in the other forest. Did you verify this?
Allow | AD DS Connector Account | Replicating Directory Changes | This object only (Domain root)
Allow | AD DS Connector Account | Replicating Directory Changes All | This object only (Domain root)
- mathiassii Sep 11, 2019 Copper Contributor
Hi rosaliod
Yes, we verified it and everything is OK.
- rosaliod Sep 12, 2019 Brass Contributor
mathiassii I recommend you try using the password hash troubleshooting tool.
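
One way to check the two domain-root permissions listed in this thread, as an added example that is not part of any poster's reply. The domain DN, domain controller and connector account name are placeholders to replace with your own, and the script only sees ACEs granted directly to the account, not rights inherited through group membership.

```powershell
# Added example: confirm the AD DS Connector account holds both replication
# extended rights on the domain root of the forest/tree that fails to sync.
Import-Module ActiveDirectory

# Placeholders (assumptions, not values from the thread)
$DomainDN     = 'DC=child,DC=example,DC=com'   # domain root to inspect
$Server       = 'dc01.child.example.com'       # a DC in that domain
$ConnectorSam = 'MSOL_placeholder'             # AD DS Connector account (sAMAccountName)

# Well-known control access right GUIDs from the AD schema
$Required = [ordered]@{
    'Replicating Directory Changes'     = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    'Replicating Directory Changes All' = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
}
$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

# Compare by SID so name translation across the trust cannot hide a match
$sid = (Get-ADUser -Identity $ConnectorSam -Server $Server).SID.Value

# Read the security descriptor of the domain root from the target DC
$sd = (Get-ADObject -Identity $DomainDN -Server $Server `
        -Properties nTSecurityDescriptor).nTSecurityDescriptor
$rules = $sd.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

foreach ($name in $Required.Keys) {
    $match = $rules | Where-Object {
        $_.IdentityReference.Value -eq $sid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $ExtendedRight) -and
        # An empty ObjectType on an ExtendedRight ACE grants all extended rights
        ($_.ObjectType -eq $Required[$name] -or $_.ObjectType -eq [guid]::Empty)
    }
    [pscustomobject]@{
        Permission = $name
        Granted    = [bool]$match
        Inherited  = if ($match) { ($match | Select-Object -First 1).IsInherited } else { $null }
    }
}
```

A row with `Granted = False` means the account has no direct Allow ACE for that right on the domain root; a Deny ACE for the same right is not evaluated by this check.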