Active Directory Connector for AWS

Jeremy Green 101 Reputation points
2021-06-15T10:22:12.007+00:00

I would really appreciate some assistance. I am setting up an AWS Managed Microsoft AD connector. It will point back to our Azure O365 office installation. AWS require very few parameters, but I am running into issues with DNS. The parameters they ask for are:

  • Directory DNS Name – This is the DNS domain name from Azure. ad.ourdomain.com
  • DNS IP addresses – Use the IP addresses from the IP address on virtual network. 12.123.12.123
  • Service account username and password

Our AD is on Microsoft 365, so in Azure, I can see it as ad.ourdomain.com. I then put in the following DNS records at our provider. The IPs are changed for anonymity.

ad.ourdomain.com   A   12.123.12.123
_ldap._tcp.ourdomain.com    SRV  0 0 389 ad.ourdomain.com
_kerberos._tcp.ourdomain.com   SRV  0 0 88 ad.ourdomain.com
_ldap._tcp.dc._msdcs.ourdomain.com  SRV  0 0 389 ad.ourdomain.com
_kerberos._tcp.dc._msdcs.ourdomain.com  SRV  0 0 88 ad.ourdomain.com

For the DNS address I went looking for the Azure DNS server address, but found it is the same as the load balancer, which is the same as the ad.ourdomain.com above. I also found that the _ldap / _kerberos aliases need to refer to that IP address.

I would really appreciate someone giving me some advice on what I am doing wrong. Thank you!

My current error is:

Configuration issues detected: SRV record for LDAP does not exist for IP: 10.44.0.2, SRV record for Kerberos does not exist for IP: 10.44.0.2. Please verify existing configuration and retry the operation.
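As an added example that is not part of the original question or of any AWS tooling: a small offline Python validator that models one plausible reading of the error quoted above. For each required `_msdcs` SRV record it checks that the record exists, advertises the expected port, and that its target host resolves to the DNS IP the connector was configured with. The in-memory zone is constructed from the records listed in the question (anonymised IPs as posted); how AWS actually performs its validation is not documented on this page, so the "SRV target must resolve to the configured DNS IP" rule, and the `lookup` stand-in for a real resolver, are assumptions.

```python
"""Offline check of the Active Directory SRV records an AD connector relies on.

Constructed example, not code from the question or from AWS. It models one
plausible reading of the error in the question: each required SRV record must
exist and its target host must resolve to the DNS IP given to the connector.
That reading is an assumption; replace `lookup` with a real resolver to use it.
"""

# Constructed in-memory zone built from the records listed in the question.
# Names are fully qualified (trailing dot) and lower-case; IPs are the
# anonymised values from the post.
ZONE = {
    ("ad.ourdomain.com.", "A"): ["12.123.12.123"],
    ("_ldap._tcp.ourdomain.com.", "SRV"): [(0, 0, 389, "ad.ourdomain.com.")],
    ("_kerberos._tcp.ourdomain.com.", "SRV"): [(0, 0, 88, "ad.ourdomain.com.")],
    ("_ldap._tcp.dc._msdcs.ourdomain.com.", "SRV"): [(0, 0, 389, "ad.ourdomain.com.")],
    ("_kerberos._tcp.dc._msdcs.ourdomain.com.", "SRV"): [(0, 0, 88, "ad.ourdomain.com.")],
}

# The locator records a domain-joined client uses to find a domain controller
# for LDAP and Kerberos, with the port each is expected to advertise.
REQUIRED_SRV = {
    "LDAP": ("_ldap._tcp.dc._msdcs.{domain}.", 389),
    "Kerberos": ("_kerberos._tcp.dc._msdcs.{domain}.", 88),
}


def fqdn(name):
    """Normalise a DNS name to lower-case with a single trailing dot."""
    return name.lower().rstrip(".") + "."


def lookup(zone, name, rtype):
    """Stand-in for a DNS query: return the records of `rtype` at `name`."""
    return zone.get((fqdn(name), rtype), [])


def check_srv(zone, domain, dns_ip):
    """Return a list of problems; an empty list means every required SRV
    record exists, advertises the expected port, and its target resolves
    to `dns_ip`, the address the connector was configured with."""
    problems = []
    for service, (pattern, port) in REQUIRED_SRV.items():
        name = pattern.format(domain=domain.rstrip("."))
        records = lookup(zone, name, "SRV")
        if not records:
            problems.append(f"SRV record for {service} does not exist ({name})")
            continue
        resolved = []
        for _prio, _weight, srv_port, target in records:
            if srv_port != port:
                problems.append(
                    f"SRV record for {service} advertises port {srv_port}, expected {port}")
            resolved.extend(lookup(zone, target, "A"))
        if dns_ip not in resolved:
            problems.append(
                f"SRV record for {service} does not exist for IP: {dns_ip} "
                f"({name} resolves to {', '.join(resolved) or 'nothing'})")
    return problems


if __name__ == "__main__":
    # Same records, two different connector DNS IPs: the post's own
    # 12.123.12.123 passes; the 10.44.0.2 quoted in the error does not.
    for ip in ("12.123.12.123", "10.44.0.2"):
        result = check_srv(ZONE, "ourdomain.com", ip)
        print(ip, "OK" if not result else "; ".join(result))
```

Run as-is, the same zone passes for 12.123.12.123 and fails for 10.44.0.2, which is the shape of the mismatch the error message reports: the records exist, but the address the connector is querying is not the one the SRV targets resolve to. Against a live zone, swap `lookup` for a resolver query and point it at the DNS IP you gave the connector, since that server, not your public provider, is the one answering the connector.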