Forum Discussion

StefanoC66's avatar
StefanoC66
Iron Contributor
Mar 31, 2021

AD Connect custom setup issue

we're installing AD connect to sync two separate forest to the same tenant

AD Connect has been installed on DC on DOM-A.

The two companies are connected via VPN, no firewall restrictions are present.

On the DC on Company A we have added a secondary zone for the internal domain of Company B

when we run the AD connect wizard using the custom setup and we try to add the remote forest we get the following error

 

[31/03/2021 16:14:16] [INFO ] Verifying if the provided credentials are correct
[31/03/2021 16:14:16] [INFO ] Attempting to obtain a domainFQDN
[31/03/2021 16:14:16] [INFO ] Attempting to retrieve DomainFQDN object...
[31/03/2021 16:14:17] [SUCCESS] The provided credentials were correct
[31/03/2021 16:14:17] [INFO ] Attempting to obtain Domain Controllers associated with companyb.lan
[31/03/2021 16:14:17] [INFO ] Obtaining ForestFQDN
[31/03/2021 16:14:17] [INFO ] Attempting to retrieve ForestFQDN...
[31/03/2021 16:14:36] [ERROR ] Exception calling "GetForest" with "1" argument(s): "The specified forest does not exist or cannot be contacted."
[31/03/2021 16:14:36] [ERROR ] Cannot retrieve DCs associated to a forest named: companyb.lan.

 

If we run the get-adforest for the companyB domain controller we are able to retrieve data

Can anyone help us with it ?

 

Azure Active Directory (AAD)
Azure AD Connect

3 Replies

  • Seshadrr's avatar
    Seshadrr
    Iron Contributor
    Mar 31, 2021
    Multiple forests, multiple sync servers to one Azure AD tenant

    Having more than one Azure AD Connect sync server connected to a single Azure AD tenant is not supported. The exception is the use of a staging server.

    This topology differs from the one below in that multiple sync server connected to a single Azure AD tenant is not supported.

    https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
    • StefanoC66's avatar
      StefanoC66
      Iron Contributor
      Mar 31, 2021
      I’m not using 2 AD Connect
      The topology I’m using is
      - 2 forest
      - 1 tenant
      - 1 ad sync
      • StefanoC66's avatar
        StefanoC66
        Iron Contributor
        Apr 01, 2021
        I found the solution, if it can help in the future.
        When we configured the DNS resolution for domain B using a secondary zone in the DomainA's DNS we replicated only the domain fqdn. We had also to configure the secondary zone for _msdcs.domain.com ( a conditional forwarder would have done as well )