Kerberos Realm Domain Trust setup between the two domains - Authenticate automatically

Hi BlairMuller,

To allow AADDS users to authenticate with AD DS resources automatically, you need to configure the following:

1. Kerberos realm trust: Make sure that the two domains are configured to trust each other, and that the trust relationship is bidirectional.
2. SPNs: Register the SPNs for the AD DS resources that the AADDS users need to access.
3. Permissions: Make sure that the AADDS users have the appropriate permissions on the AD DS resources.
4. UPN suffix: Make sure that the AADDS users are using the UPN suffix of the AADDS domain when they authenticate to the AD DS resources.

Here are some additional tips for troubleshooting authentication issues between AADDS and AD DS:

• Make sure that the time and date are synchronized between the two domains.
• Make sure that the DNS servers are configured correctly.
• Make sure that the firewall is not blocking any necessary traffic.

Here are some useful links to this issue:

• Troubleshooting sign in problems in Microsoft Entra Domain Services: https://learn.microsoft.com/en-us/entra/identity/domain-services/troubleshoot-sign-in
• How to enable Azure AD DS authentication for your Azure File Shares: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable
• Techniques to troubleshoot Active Directory issues: https://www.techtarget.com/searchwindowsserver/tip/Techniques-to-troubleshoot-Active-Directory-issues