'Windows authentication' to the 'MS SQL Server' in AWS instance (Windows Server 2019) joined to the Azure AD DS 'management.com' domain from on-premise AD 'green.orange.com'.

Question

1. On-premise AD domain 'green.orange.com' with installed Azure AD Connect.
2. Azure domain 'management.com'.
3. AWS Domain joined instance to the 'management.com'.
4. MS SQL Server with a Mixed authentication.

AWS instance joined to the AAD DS with a 'management.com' domain and can retrieve 'Objects & Users' from on-premise AD 'green.orange.com'.
When I do a connection through the 'Microsoft SQL Server Management Studio' to the 'SQL Server' joined to the 'management.com' domain from on-premise AD infrastructure I getting such messages:
SQL Server authentication - success;
Windows Authentication : Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication. (.Net SqlClient Data Provider) [Error 18452].
Azure Active Directory - Password : A connection was successfully established with the server, but then an error occurred during the login process.
Azure Active Directory - Integrated : A connection was successfully established with the server, but then an error occurred during the login process.

How to allow access with Windows Auth. How to create a trust between two domains on-pem. & AAD DS (SPNs/Kerberos)?

Thank you!

Answer 1

The problem is related with user forest but should be resource forest. By default AAD DS configured as user forest.