Azure AD Connect fails – “The user name or password is incorrect” when adding a second Active Directory Forest

I came across this issue recently and wanted to share my experience.

Environment

The organization has the following configuration:

  1. Office 365 tenant
  2. Azure AD Connect configured and synchronizing Active Directory Forest A

Requirement

  1. Synchronize Active Directory Forest B into the same Office 365 tenant

As per the supported topologies for Azure AD Connect here, this can be achieved using the same instance of Azure AD Connect. No forest trust is required, but some prerequisites apply, as outlined here, including firewall ports (listed here), DNS name resolution (using a Conditional Forwarder; see discussion here) and an account in Forest B with Enterprise Admins permissions.
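The DNS and firewall prerequisites above can be checked from the Azure AD Connect server before the second forest is added. The script below is an added example, not part of the original post; the forest name `forestb.example` is a placeholder, and the TCP port list is an assumption based on Microsoft's published hybrid identity port requirements rather than on this page.

```powershell
# Added example: pre-flight check run from the Azure AD Connect server.
# 'forestb.example' is a placeholder for Forest B's DNS name.
param(
    [string]$ForestDnsName = 'forestb.example'
)

# Assumption: TCP ports from Microsoft's hybrid identity port list, not from
# this page. UDP and the dynamic RPC range are not covered by this check.
$ports = @(
    @{ Port = 53;  Name = 'DNS' },
    @{ Port = 88;  Name = 'Kerberos' },
    @{ Port = 135; Name = 'RPC endpoint mapper' },
    @{ Port = 389; Name = 'LDAP' },
    @{ Port = 445; Name = 'SMB' },
    @{ Port = 636; Name = 'LDAP over SSL' }
)

# 1. DNS: the conditional forwarder must let this server locate Forest B's
#    domain controllers through their SRV records.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ForestDnsName" `
               -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Error "No DC SRV records for ${ForestDnsName}: $($_.Exception.Message)"
    return
}

# 2. Firewall: test each port against every DC the SRV lookup returned.
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($p in $ports) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Port `
                 -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $dc
            Port             = $p.Port
            Service          = $p.Name
            Reachable        = $t.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize
if ($results.Reachable -contains $false) {
    Write-Warning "One or more required ports to $ForestDnsName are blocked."
}
```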