Microsoft Tech Community

AD Connect custom setup issue


We're installing AD Connect to sync two separate forests to the same tenant.

AD Connect has been installed on a DC in DOM-A.

The two companies are connected via VPN, no firewall restrictions are present.

On the DC of Company A we have added a secondary zone for the internal domain of Company B.

When we run the AD Connect wizard using the custom setup and try to add the remote forest, we get the following error:


[31/03/2021 16:14:16] [INFO ] Verifying if the provided credentials are correct
[31/03/2021 16:14:16] [INFO ] Attempting to obtain a domainFQDN
[31/03/2021 16:14:16] [INFO ] Attempting to retrieve DomainFQDN object...
[31/03/2021 16:14:17] [SUCCESS] The provided credentials were correct
[31/03/2021 16:14:17] [INFO ] Attempting to obtain Domain Controllers associated with companyb.lan
[31/03/2021 16:14:17] [INFO ] Obtaining ForestFQDN
[31/03/2021 16:14:17] [INFO ] Attempting to retrieve ForestFQDN...
[31/03/2021 16:14:36] [ERROR ] Exception calling "GetForest" with "1" argument(s): "The specified forest does not exist or cannot be contacted."
[31/03/2021 16:14:36] [ERROR ] Cannot retrieve DCs associated to a forest named: companyb.lan.


If we run Get-ADForest against the Company B domain controller, we are able to retrieve data.

Can anyone help us with it?


Multiple forests, multiple sync servers to one Azure AD tenant

Having more than one Azure AD Connect sync server connected to a single Azure AD tenant is not supported. The exception is the use of a staging server.

This topology differs from the one below in that multiple sync servers connected to a single Azure AD tenant is not supported.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
I'm not using two AD Connect servers.
The topology I'm using is:
- 2 forests
- 1 tenant
- 1 AD sync
I found the solution, in case it helps in the future.
When we configured DNS resolution for domain B using a secondary zone in Domain A's DNS, we replicated only the domain FQDN zone. We also had to configure a secondary zone for _msdcs.domain.com (a conditional forwarder would have done as well).
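The fix above comes down to making the remote forest's DC locator records (the SRV records under _msdcs.companyb.lan) resolvable from the AD Connect server, which is what the wizard's GetForest call depends on even when a direct Get-ADForest against a named DC works. The following is an added example, not code from the original thread or from Microsoft: it adds a conditional forwarder for the remote forest (with the two-secondary-zone variant the poster used shown as the alternative), then checks the SRV records and the DC locator before the wizard is re-run. The forest name companyb.lan comes from the thread; the DNS server addresses, the $checks list and the adsyncuser account name are assumptions for illustration.

```powershell
# Added example (not from the original thread). Run elevated on the Company A DNS server
# that the AD Connect server uses for resolution. Requires the DnsServer and
# ActiveDirectory RSAT modules.
# Assumptions: companyb.lan is the remote forest (from the thread); 10.20.0.10 and
# 10.20.0.11 are Company B's DNS servers (made up for this example).

$RemoteForest = 'companyb.lan'
$RemoteDns    = @('10.20.0.10', '10.20.0.11')   # assumption: Company B DNS servers

Import-Module DnsServer
Import-Module ActiveDirectory

# Option 1: a conditional forwarder. It covers the whole companyb.lan namespace,
# including the _msdcs.companyb.lan subzone, so no second zone is needed.
# Get-DnsServerZone returns $null for a missing zone with SilentlyContinue, which
# keeps the script re-runnable without a duplicate-zone error.
if (-not (Get-DnsServerZone -Name $RemoteForest -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $RemoteForest `
        -MasterServers $RemoteDns -ReplicationScope 'Forest' -PassThru
}

# Option 2 (what the thread's author did): secondary zones. In a forest root domain
# _msdcs.<forest> is delegated as its own zone, so a secondary of companyb.lan alone
# does not carry the DC locator records; the second zone is what was missing.
# Company B must allow zone transfers to this server. Uncomment to use instead of option 1.
# Add-DnsServerSecondaryZone -Name $RemoteForest -ZoneFile "$RemoteForest.dns" -MasterServers $RemoteDns
# Add-DnsServerSecondaryZone -Name "_msdcs.$RemoteForest" -ZoneFile "_msdcs.$RemoteForest.dns" -MasterServers $RemoteDns

# Verification: the SRV records the DC locator (and therefore GetForest) looks up.
$checks = @(
    "_ldap._tcp.dc._msdcs.$RemoteForest",      # domain controllers
    "_ldap._tcp.gc._msdcs.$RemoteForest",      # global catalogs (forest-wide queries)
    "_kerberos._tcp.dc._msdcs.$RemoteForest"   # KDCs, used when the wizard authenticates
)
foreach ($name in $checks) {
    try {
        $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction Stop |
               Where-Object { $_.QueryType -eq 'SRV' }
        $targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        '{0,-45} OK   -> {1}' -f $name, $targets
    } catch {
        '{0,-45} FAIL ({1})' -f $name, $_.Exception.Message
    }
}

# DC locator end to end, bypassing the cache. Should name a Company B DC; an error
# here means the wizard will still fail with "forest does not exist or cannot be contacted".
nltest /dsgetdc:$RemoteForest /force

# The same lookup the wizard performs. Without a trust you need credentials from
# Company B; adsyncuser is a placeholder account name.
Get-ADForest -Identity $RemoteForest -Credential (Get-Credential "$RemoteForest\adsyncuser")
```

Run the verification part on its own first if the zones are already in place; a FAIL on the _msdcs names with a working forward lookup of companyb.lan is exactly the symptom described in the thread. Prefer the conditional forwarder over secondary zones unless Company B already permits zone transfers, since a forwarder needs no change on their side.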