Azure AD Connect on Stand-Alone Server (Multi-forest)

I've got a setup with AAD Connect on a stand-alone server.

Set up of DNS forward lookup zones completed as found documented, but getting the following error:

An error occurred while auto creating an account in the forest <Forest-1>. Current security context is not associated with an Active Directory domain or forest.

I'm not sure how to resolve this, can't find any related cases or documentation other than:

https://social.msdn.microsoft.com/Forums/azure/en-US/e4112aa0-3b59-4e2c-b786-9c56b008352e/azure-ad-c...

2 Replies

Did you ever find an answer to this? I've moved on to manually creating a service account for AD Sync to use, but it would be more efficient to just let AD Connect create the account.

No, I also resolved this by creating the account manually and setting the rights manually.