Microsoft365 and new on-prem AD: Domain double suffix
I have had a domain on Microsoft 365 for many years now. For example's sake, call it: mydomain.com
I have recently created an on-prem AD server.
To try to keep things separate, I have named my AD server: idm.mydomain.com
I am now at the stage where I want to join machines to the domain. However, when I try to, it fails.
I notice that whenever I do an nslookup, I am getting the following response:
Non-authoritative answer:
Name: cnn.com.mydomain.com
Address: (MS 365 IP Address here)
The exact error I get when attempting to join a machine to the domain is:
An Active Directory Domain Controller (AD DC) for the domain "idm.mydomain.com" could not be contacted.
Ensure that the domain name is typed correctly.
In the troubleshooting screen:
The error was: "No records found for the given DNS query"
(error code 0x0000251D DNS_INFO_NO_RECORDS)
The query was for the SRV record for _ldap._tcp.dc._msdcs.idm.mydomain.com
I realize that this means something in my DNS server is incorrect and likely has to do with M365 DNS as well.
Could someone point me in the right direction?
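Before touching the DNS configuration, it helps to see exactly what the client's resolver is doing. The script below is an added diagnostic, not something from the original post; it assumes the AD zone is idm.mydomain.com and uses a placeholder IP for the domain controller that you would replace with your own.

```powershell
param(
    # The AD DNS zone from the question and a placeholder for the DC's IP
    # (assumed values; replace to match your environment).
    [string]$AdDomain    = 'idm.mydomain.com',
    [string]$DcDnsServer = '192.0.2.10'   # placeholder, not a real DC address
)

# 1. Resolver configuration on this client: which DNS servers it queries and
#    which suffixes it appends to names it cannot resolve as typed.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize
"Suffix search list: $((Get-DnsClientGlobalSetting).SuffixSearchList -join ', ')"

# 2. The SRV record the join wizard reported missing, asked two ways:
#    through the client's current resolver and directly against the DC.
$srv = "_ldap._tcp.dc._msdcs.$AdDomain"
foreach ($server in @($null, $DcDnsServer)) {
    $query = @{ Name = $srv; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($server) { $query.Server = $server }
    $via    = if ($server) { "DC $server" } else { 'current resolver' }
    $answer = Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }
    if ($answer) {
        "OK   $srv via $via -> $($answer.NameTarget -join ', ')"
    } else {
        "FAIL $srv via $via (no SRV record returned)"
    }
}

# 3. Does the DC claim authority for the AD zone at all?
$soa = Resolve-DnsName -Name $AdDomain -Type SOA -Server $DcDnsServer -DnsOnly -ErrorAction SilentlyContinue
"SOA from DC: " + $(if ($soa) { $soa.PrimaryServer } else { 'none (DC is not authoritative for this zone)' })

# 4. Wildcard probe: a random label that cannot exist under the public parent
#    zone. If it still resolves, any name under the parent domain gets an
#    answer, which is consistent with the cnn.com.mydomain.com result above.
$parent = $AdDomain -replace '^[^.]+\.', ''
$probe  = "probe-$([guid]::NewGuid().ToString('N')).$parent"
$hit    = Resolve-DnsName -Name $probe -Type A -DnsOnly -ErrorAction SilentlyContinue
if ($hit) { "WARN $probe resolved to $($hit.IPAddress -join ', '); wildcard answer under $parent" }
else      { "OK   $probe does not resolve (no wildcard under $parent)" }
```

A machine that can pass step 2 against its current resolver is the one that will get past the "could not be contacted" error; the other checks show where the answer is being lost on the way.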