AD Connect custom setup issue


We're installing AD Connect to sync two separate forests to the same tenant.

AD Connect has been installed on a DC in DOM-A.

The two companies are connected via VPN, no firewall restrictions are present.

On the DC in Company A we have added a secondary zone for the internal domain of Company B.

When we run the AD Connect wizard using the custom setup and try to add the remote forest, we get the following error:

 

[31/03/2021 16:14:16] [INFO ] Verifying if the provided credentials are correct
[31/03/2021 16:14:16] [INFO ] Attempting to obtain a domainFQDN
[31/03/2021 16:14:16] [INFO ] Attempting to retrieve DomainFQDN object...
[31/03/2021 16:14:17] [SUCCESS] The provided credentials were correct
[31/03/2021 16:14:17] [INFO ] Attempting to obtain Domain Controllers associated with companyb.lan
[31/03/2021 16:14:17] [INFO ] Obtaining ForestFQDN
[31/03/2021 16:14:17] [INFO ] Attempting to retrieve ForestFQDN...
[31/03/2021 16:14:36] [ERROR ] Exception calling "GetForest" with "1" argument(s): "The specified forest does not exist or cannot be contacted."
[31/03/2021 16:14:36] [ERROR ] Cannot retrieve DCs associated to a forest named: companyb.lan.

 

If we run Get-ADForest against the Company B domain controller, we are able to retrieve data.

Can anyone help us with it?

 

3 Replies
Multiple forests, multiple sync servers to one Azure AD tenant

Having more than one Azure AD Connect sync server connected to a single Azure AD tenant is not supported. The exception is the use of a staging server.

This topology differs from the one below in that multiple sync servers connected to a single Azure AD tenant is not supported.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
I'm not using 2 AD Connect servers.
The topology I'm using is:
- 2 forests
- 1 tenant
- 1 AD sync
I found the solution, if it can help in the future.
When we configured the DNS resolution for domain B using a secondary zone in Domain A's DNS, we replicated only the domain FQDN. We also had to configure the secondary zone for _msdcs.domain.com (a conditional forwarder would have done as well).
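As an added example that is not part of the thread, the following PowerShell pre-flight check can be run on the AD Connect server before re-running the wizard: it verifies the two lookups forest discovery depends on (the plain forest name and the SRV records under _msdcs) and then repeats the same GetForest call that the wizard log shows failing. The remote DNS server address, the credential parameter and the zone-file name are assumptions; companyb.lan is the forest name from the thread.

```powershell
# Added example (not from the original thread). Run on the Azure AD Connect
# server in Domain A. Checks the DNS records GetForest needs for the remote
# forest, prints the fix commands for the Domain A DNS server if the _msdcs
# records are missing, then repeats the wizard's GetForest call.
param(
    [string]$RemoteForest = 'companyb.lan',
    # Assumed: address of a DNS server / DC in the remote forest (placeholder).
    [string]$RemoteDnsServer = '<ip-of-companyb-dns>',
    # Assumed: credential for the remote forest; the wizard also runs with one.
    [pscredential]$Credential = (Get-Credential -Message "Account in $RemoteForest")
)

# 1. Forest root A record: in the thread this already resolved via the secondary zone.
$root = Resolve-DnsName -Name $RemoteForest -Type A -ErrorAction SilentlyContinue
if (-not $root) { Write-Warning "No A record for $RemoteForest" }

# 2. SRV record in the _msdcs subdomain: this is what DC/forest discovery uses
#    and it is not covered by a secondary zone of the bare domain name.
$srvName = "_ldap._tcp.dc._msdcs.$RemoteForest"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
       Where-Object Type -eq 'SRV'
if (-not $srv) {
    Write-Warning "No SRV record for $srvName - forest discovery will fail."
    Write-Host "On the Domain A DNS server, add one of:"
    Write-Host "  Add-DnsServerSecondaryZone -Name '_msdcs.$RemoteForest' -ZoneFile '_msdcs.$RemoteForest.dns' -MasterServers $RemoteDnsServer"
    Write-Host "  Add-DnsServerConditionalForwarderZone -Name '$RemoteForest' -MasterServers $RemoteDnsServer -ReplicationScope Forest"
} else {
    $srv | Select-Object Name, NameTarget, Port | Format-Table -AutoSize
}

# 3. Repeat the wizard's check with the same .NET API it calls.
try {
    $ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
        'Forest', $RemoteForest,
        $Credential.UserName, $Credential.GetNetworkCredential().Password)
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)
    "GetForest succeeded: $($forest.Name), root domain $($forest.RootDomain.Name)"
} catch {
    Write-Warning "GetForest failed: $($_.Exception.Message)"
}
```

If step 2 warns but step 3 still succeeds, the resolver is falling back to another path (for example a hosts entry or cached record); fix the zone anyway so discovery does not depend on that.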