I came across this issue recently and wanted to shared my experience
The organization has the following configuration
- Office 365 tenant
- Azure AD Connect configured and synchronizing Active Directory Forest A
- Synchronize Active Directory Forest B into the same Office 365 tenant
As per the supported topologies for Azure AD Connect here this can be achieved using the same instance of Azure AD Connect. No forest trust required, but some pre-req’s are required as outlined here including Firewall ports (listed here) , DNS Name resolution (using a Conditional Forwarder -see discussion here) and an account in Forest B with Enterprise Admins permissions.
The problem I ran into was that even after having all the pre-req’s in place, when I tried to add Forest B to the configured directories, by clicking on “Add Directory” and entering the Enterprise Admin credentials for Forest B using the FQDN
I would get the following error: “The username or password is incorrect”
The following error is logged in the trace file in C:\ProgramData\AADConnect
[ERROR] Caught exception while retrieving forest FQDN. Try using FQDNs for all forest and domain names.
Exception Data (Raw): System.Security.Authentication.AuthenticationException: The user name or password is incorrect.
—> System.Runtime.InteropServices.COMException: The user name or password is incorrect.
A number of troubleshooting steps were carried out including
- Verifying required firewall ports were in place
- Verifying DNS name resolution
- Verifying the account being used was and enterprise admin
The solution in the end I found here and it was not what I expected.
Before clicking “Add Directory”, replace the default FOREST A with the new FOREST B. Then click “Add Directory” and enter the details for an Enterprise Admin in Forest B
Click OK and Forest B added successfully