Setting up LDAPS issues

Luke Rohrbaugh 1 Reputation point
2021-05-03T17:06:51.04+00:00

I have run through and set up Azure Active Directory Domain Services using the knowledge bases created by Microsoft. There are no errors and everything looks correct. I enabled LDAPS according to the documentation too and imported a wildcard certificate into it. No errors there. I created an A record for AADDS.ourdomain.com and pointed it to the external IP address provided in the console by Azure. I am able to resolve that IP address using the host name. Also, I set up the security rule to allow port 636. Currently it's an any/any rule, as I want to rule that out as a possibility. I go to add a local server to the Azure domain and receive the error message below. Any help would be greatly appreciated. Thank you.

Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "aadds.lightwavedental.com":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.aadds.lightwavedental.com

Common causes of this error include the following:

  • The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

8.8.8.8
10.254.254.1

  • One or more of the following zones do not include delegation to its child zone:

aadds.ourdomain.com
ourdomain.com
com
. (the root zone)

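The dcdiag output above shows the real failure: the client asked its resolvers (8.8.8.8 and 10.254.254.1) for the domain-controller locator record `_ldap._tcp.dc._msdcs.<domain>` and got NXDOMAIN (Windows reports this as 0x232B, DNS_ERROR_RCODE_NAME_ERROR). A public A record for the LDAPS host does not help here, because the `_msdcs` SRV records live only in the managed domain's own DNS zone. The following added example (not from the original post or from Microsoft) builds that SRV query in DNS wire format and parses both a constructed NXDOMAIN reply and a constructed successful reply, so the distinction is visible in code. The domain `aadds.example.com`, the DC name `dc1.aadds.example.com` and the resolver-emulating `fake_*` functions are all constructed for the demo.

```python
import socket
import struct

SRV_TYPE, IN_CLASS = 33, 1
# Windows maps DNS RCODE 3 to DNS_ERROR_RCODE_NAME_ERROR, 9003 = 0x232B (the code in the dcdiag output)
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN (RCODE_NAME_ERROR, 0x232B)", 5: "REFUSED"}


def dc_locator_srv_name(domain):
    """SRV name a Windows client resolves to find an LDAP-capable DC (the name in the dcdiag output)."""
    return "_ldap._tcp.dc._msdcs." + domain.strip(".").lower()


def encode_name(name):
    """Wire-format a DNS name: length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.strip(".").split(".")) + b"\x00"


def build_srv_query(name, txid=0x1234):
    """Standard recursive query for one SRV record (12-byte header + question section)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    return header + encode_name(name) + struct.pack("!HH", SRV_TYPE, IN_CLASS)


def decode_name(msg, offset):
    """Read a possibly compressed name; return (name, offset just past it in the calling section)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier copy of the name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg):
    """Return the RCODE, its name and any SRV answers (priority, weight, port, target)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode, offset = flags & 0x000F, 12
    for _ in range(qd):  # skip the echoed question(s): name + QTYPE + QCLASS
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        _, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == SRV_TYPE:
            prio, weight, port = struct.unpack("!HHH", msg[offset:offset + 6])
            target, _ = decode_name(msg, offset + 6)
            answers.append({"priority": prio, "weight": weight, "port": port, "target": target})
        offset += rdlen
    return {"rcode": rcode, "status": RCODE_NAMES.get(rcode, str(rcode)), "answers": answers}


def diagnose(domain, response):
    """Explain a locator result the way a person reading dcdiag would."""
    result, name = parse_response(response), dc_locator_srv_name(domain)
    if result["rcode"] == 3:
        return ("%s: NXDOMAIN. The resolver in use does not host the managed domain's zone; "
                "point the client at the managed domain's DNS servers, not a public resolver." % name)
    if result["rcode"] == 0 and result["answers"]:
        a = result["answers"][0]
        return "%s: DC %s port %d (priority %d)" % (name, a["target"], a["port"], a["priority"])
    return "%s: %s with no SRV answer" % (name, result["status"])


# --- constructed replies emulating a resolver (not captured traffic) ---
def fake_nxdomain_response(query):
    """Echo the question with QR|RD|RA set and RCODE 3, as a public resolver does for a zone it cannot find."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + query[12:]


def fake_srv_response(query, target, port=389, priority=0, weight=100, ttl=600):
    """Echo the question and add one SRV answer whose owner name is a pointer (0xC00C) to the question name."""
    txid = struct.unpack("!H", query[:2])[0]
    rdata = struct.pack("!HHH", priority, weight, port) + encode_name(target)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", SRV_TYPE, IN_CLASS, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + query[12:] + answer


def query_resolver(name, resolver_ip, timeout=3.0):
    """Optional live lookup over UDP/53 (assumes network reachability; the offline demo below does not use it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(name), (resolver_ip, 53))
        return parse_response(s.recv(4096))


if __name__ == "__main__":
    q = build_srv_query(dc_locator_srv_name("aadds.example.com"))  # constructed domain name
    print(diagnose("aadds.example.com", fake_nxdomain_response(q)))
    print(diagnose("aadds.example.com", fake_srv_response(q, "dc1.aadds.example.com")))
```

To check a real client, run `query_resolver(dc_locator_srv_name(domain), ip)` once against each resolver the machine is configured with: a public resolver such as 8.8.8.8 returns RCODE 3 for the `_msdcs` name, while the managed domain's DNS servers return the SRV answers the domain-join process needs. The same check with `socket.create_connection((host, 636))` confirms whether the LDAPS port is reachable once name resolution is fixed.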

1 answer

  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-05-18T09:18:37.263+00:00

    @Luke Rohrbaugh Thanks for reaching out and sincere apologies for delay on this.

    In order for a VM server to be connected to the AADDS, your VM must connect to an Azure virtual network subnet that can communicate with the subnet your managed domain is deployed into.
    We recommend that a managed domain is deployed into its own dedicated subnet. Don't deploy your VM in the same subnet as your managed domain.

    There are two main ways to deploy your VM and connect to an appropriate virtual network subnet:

    1) Create a, or select an existing, subnet in the same virtual network as your managed domain is deployed in.
    2) Select a subnet in an Azure virtual network that is connected to it using Azure virtual network peering.

    Read more here: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm


    If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" the answer that helped you, for the benefit of the community.
