Using WAAD to AD Connect

Anonymous
2016-01-18T04:24:05+00:00

Hi,

I need help here. I have 2 separate forests being synced to Azure AD using Windows Azure Active Directory Sync (WAAD). One forest has a single domain and the other forest has multiple domains. I have always faced problems with password synchronization not working properly, or the SQL Server service not starting due to some unknown error and eating away the server's memory after reboot.

Since I have 2 Active Directory forests synced to a single Azure domain, how can I move to using AD Connect? Are there any differences on how they synced the users? I am planning to do an in-place upgrade on the other domain's WAAD. Can I also add my other forest since it was supported in AD Connect after the upgrade?

Thanks,

Glem

This question was migrated from the Microsoft Support Community.

Answer accepted by question author

Anonymous
2016-01-20T03:10:47+00:00

Hi Glem,

“Is it a requirement that the ADConnect server must be a member server of a domain for multiple forest?”

Do you mean whether the sync server should be domain-joined? If so, the answer is yes. The sync server on which the AADConnect tool is installed needs to be domain-joined.

About your further description, my understanding is that you’re having difficulties adding the second forest to the AADConnect configuration. Is it true that you haven’t set up the trust relationship between the second forest and the first one? If yes, please set up the trust relationship. It is required for the multi-forest synchronization scenario.

Let me know if you have any further concerns.

Thanks,

Allen


2 additional answers

  1. Anonymous
    2016-01-19T20:27:03+00:00

    Hi Allen,

    Thanks for the help. One more question: is it a requirement that the ADConnect server must be a member server of a domain for multiple forest? I have already finished the setup of my ADConnect Sync for the 2 forests and my server is a member of the other domain. The thing that bothers me is that when I add my other domain, it fails to retrieve the domain that I'm going to add. This happens only when I'm using an AD credential from the other domain, which doesn't have a trust relationship, but when using an AD credential from a forest-trusted child domain it works.

    For example:

    Forest1.com <Trust Relationship TwoWay> domain.forest2.com

    Forest2.com <No Trust Relationship>Forest1.com

    Adding my forest to ADConnect:

    Forest1.com (successful)

    Forest2.com (fails using AD Credential of Forest2.com with Domain and Enterprise admin Privilege)

    Re-adding Forest2.com using AD Credential of domain.forest2.com (Enterprise admin privilege succeeded)

    All domains are DNS resolvable.

    Just wondering if this happens only since my ADConnect server belongs to Forest1.com.

    Thanks,

    Glem

  2. Anonymous
    2016-01-18T23:11:31+00:00

    Hi Glem,

    The answer is YES. The scenario including multiple forests and one single sync server is supported by the AAD Connect. For detailed information about the supported scenarios, please refer to Topologies for Azure AD Connect -> Multiple forests, single Azure AD directory.

    As to the question “Are there any differences on how they synced the users?”, I’d like to explain that the basic synchronization theory is the same. The AAD Connect tool is just designed with more options and features so administrators can have more choices, and achieve their goals more conveniently.

    Thanks,

    Allen
