AD Connect Server behind NAT

Hasan Reza
2024-03-19T07:53:13.2033333+00:00

Dear All,

We have a parent entity, "msg.local", which currently has the AD Connect server deployed.

We have a child entity, "Det.local", which holds the user/computer objects.

We would like to sync the det.local objects via the AD Connect server in the parent entity.

Current Setup

The parent entity "msg.local" and the child entity "Det.local" are connected via an S2S tunnel; there is no AD-level trust between the two entities.

Challenge

For security reasons the AD Connect server cannot be directly exposed; the security team suggests that the AD Connect server in the parent office should have a NATed IP.

The child entity AD would connect to the AD Connect server's NATed IP.

Proposed Resolution

We are aware that, as per MS, AD Connect does not work with NAT. However, in our case the child AD forest is not behind NAT; it is only the AD Connect server. So when the AD Connect server connects to or queries the child entity's DNS server for objects, it would get the actual IP address and AD Connect can connect to it without any issue; only the child entity AD would see the AD Connect IP address as NATed.

DET1

Ref:

NAT and ADConnect

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/reference-connect-faq#i-have-a-multi-forest-environment-and-the-network-between-the-two-forests-is-using-nat--network-address-translation---is-using-microsoft-entra-connect-between-these-two-forests-supported-

Active Directory over NAT

https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/support-for-active-directory-over-nat

We are looking for an expert opinion on any challenges with this setup; the above is currently being tested in our lab without any challenges.

Regards - Hasan Reza
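The post's argument rests on the connector, as an LDAP/Kerberos client, resolving the det.local domain controllers to their real addresses and reaching them over the tunnel from behind its NATed IP. The script below is an added check, not part of the question or of any Microsoft tooling, for verifying exactly that from the Entra Connect server in msg.local: it locates det.local DCs through the same DNS SRV record any AD client uses, probes the ports the connector needs toward each DC, and performs a test LDAP bind with a det.local account (there is no forest trust, so explicit credentials are required). The forest names, the port list and the credential prompt are assumptions for this scenario; take the authoritative port list from the Entra Connect port reference. Passing these checks shows the lab observation is reproducible; it does not change the support position stated in the FAQ the post links.

```powershell
# Added example (not from the original post). Run on the Microsoft Entra Connect server in
# msg.local. Forest names, port list and the credential prompt are assumptions.
[CmdletBinding()]
param(
    [string]$ChildForest    = 'det.local',  # child forest holding the users/computers
    [string]$ChildDnsServer = ''            # det.local DNS server IP if msg.local DNS has no conditional forwarder
)

$dns = @{ ErrorAction = 'Stop' }
if ($ChildDnsServer) { $dns['Server'] = $ChildDnsServer }

# 1. DC locator record: the connector resolves this and receives the DC's real (un-NATed) address.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ChildForest" -Type SRV @dns |
       Where-Object Type -eq 'SRV'
if (-not $srv) { throw "No DC SRV records for $ChildForest; fix DNS resolution before testing anything else." }

# 2. Each DC name -> the address(es) the connector will actually dial.
$dcs = foreach ($rec in $srv) {
    Resolve-DnsName -Name $rec.NameTarget -Type A @dns | Where-Object Type -eq 'A' |
        ForEach-Object { [pscustomobject]@{ Dc = $rec.NameTarget; Ip = $_.IPAddress } }
}

# 3. Ports Entra Connect uses toward on-premises DCs (assumed list; confirm against the
#    Entra Connect port reference). The RPC dynamic range 49152-65535 is not probed
#    port-by-port, so password hash sync is only covered by the endpoint-mapper check.
$ports = [ordered]@{
    53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'
    389 = 'LDAP'; 445 = 'SMB'; 636 = 'LDAPS'; 3268 = 'Global Catalog'
}

$results = foreach ($dc in $dcs) {
    foreach ($port in $ports.Keys) {
        $open = Test-NetConnection -ComputerName $dc.Ip -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ Dc = $dc.Dc; Ip = $dc.Ip; Port = $port; Service = $ports[$port]; Open = $open }
    }
}
$results | Format-Table -AutoSize
$closed = @($results | Where-Object { -not $_.Open })
if ($closed) { Write-Warning "$($closed.Count) port check(s) failed; see the table above." }

# 4. Test bind with a det.local account (no forest trust exists, so an explicit credential
#    is used, as the connector does with its AD DS Connector account). RootDSE should report
#    the DC's own host name, i.e. the DC is not itself behind NAT.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$cred = Get-Credential -Message "$ChildForest account used by the connector"
foreach ($name in ($dcs.Dc | Sort-Object -Unique)) {
    try {
        $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($name)
        $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        $conn.Credential = $cred.GetNetworkCredential()
        $conn.Bind()
        $req  = New-Object System.DirectoryServices.Protocols.SearchRequest(
                    '', '(objectClass=*)',
                    [System.DirectoryServices.Protocols.SearchScope]::Base,
                    [string[]]@('dnsHostName'))
        $resp = $conn.SendRequest($req)
        "$name bind OK, RootDSE dnsHostName = $($resp.Entries[0].Attributes['dnsHostName'][0])"
    } catch {
        Write-Warning "$name bind failed: $($_.Exception.Message)"
    }
}
```

To see the other direction of the post's claim, check on a det.local domain controller which source address it records for the connector account: Security event 4624 (successful logon) carries a Source Network Address field, which should show the NATed IP rather than the connector's real address. Any firewall or conditional access rule on the child side must then be written for that NATed address.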
