Azure AD Connect Installation - Local Domain Unreachable

    Question

  • I am in the process of setting up an Azure AD connection using the Azure AD Connect tool with on-prem AD using ADFS. When going through the Wizard I have no issues connecting to Azure, validating my domains, and connecting to the on-prem AD with a user who has the correct privileges. Where I run into an error is at the Domain and OU filtering section: I select "Sync selected domains and OUs", I select my on-prem domain, and when I attempt to open the tree I get a warning triangle that says "DOMAIN STATUS This domain is currently unreachable". I can keep it checked and continue on, but when I go to Identify users to sync it cannot find the group DN I add.

    I am not sure what the issue is, as the logs don't give me a straight answer. Some additional notes:

    - Both the AD Connect server and my DC reside on the same network segment.

    - I do have 2 domains. My external domain is contoso.com, whereas my on-prem AD domain is contoso-ad.contoso.com.

    - Both domains are verified on Azure.

    Thursday, April 13, 2017 5:37 PM

All replies

  • Here is a section from the log file where I run into trouble:

    [  9] [ERROR] ADPowerShellQueyProvider:SearchAdSyncDirectoryObjects Failed to run the ldap search query. Parameter values passed to PowerShell:
     ForestFqdn : contoso-ad.contoso.com 
     AdConnectorId : fc75d0bb-c07f-4eb1-a6d7-d56df04d6e79
     PropertiesToRetrieve : name,displayName,distinguishedName,objectClass
     NamingContextType : None
     BaseDnType : Absolute
     AdConnectorUserName : contoso-ad.contoso.com\connectadmin
     BaseDn : DC=contoso-ad,DC=contoso,DC=com
    LdapFilter : (|(objectClass=addressBookContainer)(objectClass=applicationProcess)(objectClass=builtinDomain)(objectClass=classStore)(objectClass=computer)(objectClass=configuration)(objectClass=container)(objectClass=country)(objectClass=crossRefContainer)(objectClass=dfsConfiguration)(objectClass=dMD)(objectClass=dnsZone)(objectClass=domain)(objectClass=domainDNS)(objectClass=domainPolicy)(objectClass=dXASiteServer)(objectClass=exchangeAdminService)(objectClass=fileLinkTracking)(objectClass=infrastructureUpdate)(objectClass=intellimirrorGroup)(objectClass=interSiteTransport)(objectClass=interSiteTransportContainer)(objectClass=linkTrackObjectMoveTable)(objectClass=linkTrackVolumeTable)(objectClass=locality)(objectClass=lostAndFound)(objectClass=mS-DirSync-Session)(objectClass=mS-SQL-OLAPDatabase)(objectClass=mS-SQL-OLAPServer)(objectClass=mS-SQL-SQLServer)(objectClass=msDS-AzAdminManager)(objectClass=msDS-AzApplication)(objectClass=msDS-AzScope)(objectClass=msDs-DeviceContainer)(objectClass=msDS-QuotaContainer)(objectClass=msExchAdminGroup)(objectClass=msExchAdminGroupContainer)(objectClass=msExchAdvancedSecurityContainer)(objectClass=msExchChatNetwork)(objectClass=msExchChatProtocol)(objectClass=msExchChatVirtualNetwork)(objectClass=msExchConferenceContainer)(objectClass=msExchConferenceSite)(objectClass=msExchConfigurationContainer)(objectClass=msExchConnectors)(objectClass=msExchContainer)(objectClass=msExchContentConfigContainer)(objectClass=msExchExchangeServer)(objectClass=msExchIMGlobalSettingsContainer)(objectClass=msExchMCUContainer)(objectClass=msExchMessageDeliveryConfig)(objectClass=msExchOrganizationContainer)(objectClass=msExchProtocolCfgHTTPContainer)(objectClass=msExchProtocolCfgHTTPFilters)(objectClass=msExchProtocolCfgIMAPContainer)(objectClass=msExchProtocolCfgIMContainer)(objectClass=msExchProtocolCfgNNTPContainer)(objectClass=msExchProtocolCfgPOPContainer)(objectClass=msExchProtocolCfgProtocolContainer)(objectClass=msExchProtocolCfgSMTPCont
ainer)(objectClass=msExchProtocolCfgSMTPIPAddressContainer)(objectClass=msExchRecipientPolicyContainer)(objectClass=msExchReplicationConnectorContainer)(objectClass=msExchRoutingGroup)(objectClass=msExchRoutingGroupContainer)(objectClass=msExchServersContainer)(objectClass=msExchStorageGroup)(objectClass=msExchSystemObjectsContainer)(objectClass=msExchSystemPolicyContainer)(objectClass=msMMS-Connector)(objectClass=msMMS-Instance)(objectClass=mSMQConfiguration)(objectClass=mSMQEnterpriseSettings)(objectClass=msPKI-Enterprise-Oid)(objectClass=msWMI-MergeablePolicyTemplate)(objectClass=msWMI-PolicyType)(objectClass=msWMI-Som)(objectClass=mTA)(objectClass=nTDSDSA)(objectClass=nTDSService)(objectClass=nTFRSMember)(objectClass=nTFRSReplicaSet)(objectClass=nTFRSSettings)(objectClass=nTFRSSubscriptions)(objectClass=organization)(objectClass=organizationalUnit)(objectClass=physicalLocation)(objectClass=protocolCfgHTTPServer)(objectClass=protocolCfgIMAPServer)(objectClass=protocolCfgPOPServer)(objectClass=protocolCfgSharedServer)(objectClass=protocolCfgSharedSite)(objectClass=protocolCfgSMTPDomainContainer)(objectClass=protocolCfgSMTPServer)(objectClass=rpcProfile)(objectClass=rpcServer)(objectClass=server)(objectClass=serversContainer)(objectClass=serviceConnectionPoint)(objectClass=site)(objectClass=sitesContainer)(objectClass=subnet)(objectClass=subnetContainer))
     SearchScope : OneLevel
     AllowUnreachableDomain : False
     SizeLimit : 0
     Exception Details :
     System.Management.Automation.CmdletInvocationException: Error HRESULT E_FAIL has been returned from a call to a COM component. ---> System.Runtime.InteropServices.COMException: Error HRESULT E_FAIL has been returned from a call to a COM component.
       at MmsServerRCW.IMMSServer2.SearchADSyncDirectoryObjects(String forestFqdn, Guid& adConnectorGuid, String namingContextType, String baseDnType, String baseDn, String ldapFilter, String searchScope, String propertiesToLoad, String userDomain, String userName, String password, Int32 allowUnreachableDomain, Int32 sizeLimit, String& outputSerializedResult)
       at Microsoft.DirectoryServices.MetadirectoryServices.UI.WebServices.MMSWebService.SearchADSyncDirectoryObjects(String forestFqdn, Guid adConnectorId, String namingContextType, String baseDnType, String baseDn, String ldapFilter, String searchScope, String propertiesToRetreiveList, String userDomain, String userName, String password, Boolean allowUnreachableDomain, Int32 sizeLimit)
       at Microsoft.IdentityManagement.PowerShell.Cmdlet.AdSyncDirectorySearchResult.ProcessRecord()
       --- End of inner exception stack trace ---
       at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
       at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
       at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
       at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
       at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
       at Microsoft.Online.Deployment.PowerShell.LocalPowerShell.Invoke()
       at Microsoft.Online.Deployment.PowerShell.PowerShellHelper.InvokeAndThrow(IPowerShell powerShell, Command command, Boolean throwExceptionOnError)
       at Microsoft.Online.Deployment.Types.Providers.SyncEngineQueryProvider.SearchAdSyncDirectoryObjects(String forestFqdn, Guid adConnectorId, NamingContextType namingContextType, BaseDnType baseDnType, String baseDn, String ldapFilter, SearchScope searchScope, String[] propertiesToRetrieve, PSCredential adConnectorCredential, Boolean allowUnreachableDomain, Int32 sizeLimit)

    Thursday, April 13, 2017 7:32 PM
  • Here is a 6306 Error Event from the Application log in Event Viewer:

    The server encountered an unexpected error while performing an operation for the client.

    "BAIL: MMS(3836): LdapUtils.cpp(79): 0x80004005 (Unspecified error): System.Runtime.InteropServices.COMException (0x8007202B): A referral was returned from the server.

     

       at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()

       at System.Linq.Enumerable.<OfTypeIterator>d__92`1.MoveNext()

       at Microsoft.MetadirectoryServices.LDAPQueryClient.ReturnAdSearchResults.GetAllSearchResultsFromForest(String ldapSearchFilter, SearchScope searchScope, String forestName, String username, SecureString password, IList`1 propertiesToLoad, Boolean allowUnreachableDomain, Int32 sizeLimit)

       at Microsoft.MetadirectoryServices.LDAPQueryClient.ReturnAdSearchResults.GetSearchResults(String forestFqdn, String baseDn, String ldapFilter, String searchScope, String propertiesToLoadSerialized, PSCredential credential, Boolean allowUnreachableDomain, Int32 sizeLimit)

       at Microsoft.MetadirectoryServices.LDAPQueryClient.LdapClient.GetQualifyingSearchResults(String forestFqdn, String namingContextType, String baseDnType, String baseDn, String ldapFilter, String searchScope, String propertiesToLoadSerialized, String userDomain, String userName, SecureString password, Boolean allowUnreachableDomain, Int32 sizeLimit)

       at LdapUtils.GetSearchResults(Char* forestFqdn, Char* namingContextType, Char* baseDnType, Char* baseDn, Char* ldapFilter, Char* searchScope, Char* propertiesToLoad, Char* userDomain, Char* userName, Char* password, Int32 allowUnreachableDomain, Int32 sizeLimit, Char** outputSerializedResult)BAIL: MMS(3836): ..\server.cpp(12400): 0x80004005 (Unspecified error)

    Azure AD Sync 1.1.484.0"

    Thursday, April 13, 2017 7:59 PM
  • I suggest you create a Technical Support Ticket, as we would need sensitive information from you, like your Subscription and Tenant details, for a deeper investigation of this.
    Friday, April 14, 2017 12:11 PM
    Moderator
  • Hi, I've got the same error while trying to filter the search for OUs: did you ever find a solution for it?

    Thanks.
    Saturday, October 28, 2017 2:48 PM
  • Same problem.  Any publicly available solution?
    Tuesday, January 30, 2018 3:54 PM
  • Do you have RODCs in your environment?

    https://blogs.technet.microsoft.com/undocumentedfeatures/2017/04/04/aad-connect-error-cd-8235-exporting-to-ad-connector/

    Monday, February 05, 2018 9:02 PM