Q&A: Can I join in an Active Directory Forest?

scheinig · November 25, 2021, 8:48am

Question:

Can I join in an Active Directory Forest?
This concerns Forest AD only!

Answer:

~~Unfortunately this is not possible right now.~~ We addressed this in 2 Bugs:
Yes since 5.0 errata862 we can join into AD forest.

With UCS 5 (Bug 53944) :

04.10.21 11:46:37.054 MODULE ( PROCESS ) : Failed to lookup attribute Schema from AD: {'desc': 'No such object', 'matched': 'DC=subdom,DC=example,DC=org', 'info': "0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'DC=subdom,DC=example,DC=org'\n"}
04.10.21 11:46:37.054 MODULE ( ERROR ) : well-known-sid-object-rename failed with 1 ()
04.10.21 11:46:37.054 MODULE ( ERROR ) : Join process failed [connectionFailed]: well-known-sid-object-rename failed with 1 ()
04.10.21 11:46:37.054 MODULE ( ERROR ) : Eine Verbindung zum AD-Server beam-dc02.subdom.example.org konnte nicht hergestellt werden. Bitte überprüfen Sie Benutzername und Password. (Details:
well-known-sid-object-rename failed with 1 ())
04.10.21 11:46:37.055 MODULE ( PROCESS ) : Der Domänenbeitritt wurde mit Fehlern abgeschlossen.
04.10.21 11:46:37.255 MODULE ( PROCESS ) : Revert UCR settings

With UCS 4.4 the join is possible, but the ad-connector is not working anymore. (Bug 54041)

Failed to lookup attribute Schema from AD: {'info': "0000208D: NameErr: DSID-03100241, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'DC=subdom,DC=example,DC=org'\n", 'matched': 'DC=subdom,DC=example,DC=org', 'desc': 'No such object'}

scheinig · November 25, 2021, 11:12am