Please help me get my Synology DS and other PCs to join my Azure Domain

Boris Dudelsack 20 Reputation points
2023-05-12T12:50:19.1366667+00:00

Hello,

i'm trying to integrate my local network with the Azure AD. I've already configured Azure AD Domain Services, IPSec Connection and DNS Forwarding which lets me discover the domain in my local network.

λ sudo adcli info domain.example

[domain]
domain-name = domain.example
domain-short = DOMAIN
domain-forest = domain.example
domain-controller = U3BWW71YZG0EFNK.domain.example
domain-controller-site = Default-First-Site-Name
domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable full-secret ads-web
domain-controller-usable = yes
domain-controllers = U3BWW71YZG0EFNK.domain.example cw579df3-l6aidm.domain.example
[computer]
computer-site = Default-First-Site-Name

(domain name changed)

A Windows PC could join the domain without problems.

I'm struggling with LDAP(S) access and getting Synology DS to join the domain. I alway getting "invalid Credentials" on LDAPS Bind. While Synology tries to join the domain it just hans on "Checking authentication ..." phase.

I had of course reset my password after Azure AD DS creation for it to sync the hash.

I'm just clueless. How can i check if my LDAPs and DS configured correctly?

Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,473 questions
Accepted answer
  1. Sandeep G-MSFT 14,486 Reputation points Microsoft Employee
    2023-05-16T10:50:15.3366667+00:00

    @Boris Dudelsack

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "[The question author cannot accept their own answer. They can only accept answers by others] (https://docs.microsoft.com/en-us/answers/support/accepted-answers#why-only-one-accepted-answer)**)", I'll repost your solution in case you'd like to "[Accept] (https://docs.microsoft.com/en-us/answers/support/accepted-answers#accepted-answer-in-a-question-thread)**)" the answer.

    As per your solution you used the credentials as "user@domain.example" instead of "DOMAIN\user".

    It is always recommended to use the credentials as "user@domain.example" instead of "DOMAIN\user" while working with Azure AD domain services. Azure AD DS always recognizes the user account in the format of "user@domain.example".

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest