Entra Connect and AD DS having a weird LDAP error

Wyatt C 20 Reputation points
2024-09-13T04:00:44.7766667+00:00

Hello,

I am working to configure and install Azure Active Directory Connect 2.3.20.0 on a new domain with a relatively stock Azure tenant and am struggling with the first sync. The Azure user is global admin, and the directory user is the administrator account on the primary DC.

[Screenshot 2024-09-12 214759]

And here is our error message: [image]

Reviewing the error logs, this seems to be the error that kicks things off:

[19:44:37.714] [ 19] [ERROR] ADPowerShellQueyProvider:SearchAdSyncDirectoryObjects Failed to run the ldap search query. Parameter values passed to PowerShell: 
 ForestFqdn : STRING-A.net  
 AdConnectorId : GUID-A 
 PropertiesToRetrieve : msDS-DeviceLocation,name,displayName,distinguishedName,objectClass 
 NamingContextType : Configuration 
 BaseDnType : Relative 
 AdConnectorUserName : STRING-A.NET\MSOL_463afbdf0c6c 
 BaseDn : CN=Services 
LdapFilter : (objectClass=msDS-DeviceRegistrationService) 
 SearchScope : Subtree 
 AllowUnreachableDomain : False 
 SizeLimit : 0 
 Exception Details : 
 System.Management.Automation.CmdletInvocationException: Exception details => 
Type => System.ArgumentOutOfRangeException
StartIndex cannot be less than zero.

"CN=Services" isn't a good base DN. My guess is they meant to do "CN=Services,CN=Configuration,DC=STRING-A,DC=net". Any suggestions?

Our domain was built on Windows Server 2022 with functional level 2016.


1 answer

  1. Akhilesh 8,950 Reputation points Microsoft Vendor
    2024-09-19T16:10:56.6366667+00:00

    Hi @Wyatt C

    Thank you for reaching out to the Microsoft Q&A forum!

    I'm glad that you were able to resolve your issue, and thank you for posting your solution so that others experiencing the same thing can easily reference it! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:

    When you are configuring Entra Connect, you get an error message that says: An error occurred executing Configure AAD Sync task: An error occurred while sending the

    Solution:

    You resolved your issue by enforcing TLS 1.2.

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

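The fix reported in this thread is "enforcing TLS 1.2" on the Entra Connect server. The script below is an added example, not code from the thread or from Microsoft: it audits the standard .NET Framework 4.x and Schannel registry values that control TLS 1.2 and, with the hypothetical `-Enforce` switch, sets any that are missing or wrong. It assumes those standard values are what "enforcing" refers to, since the thread does not say which settings were changed. Save it as a `.ps1` file and run it from an elevated session.

```powershell
# Added example: audit (and optionally set) the registry values that make
# .NET Framework 4.x and Schannel use TLS 1.2 on the sync server.
# Restart the server after any change so the new values take effect.
param([switch]$Enforce)   # hypothetical switch name chosen for this example

$net   = 'Microsoft\.NETFramework\v4.0.30319'
$proto = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'

# Each entry: registry path, value name, expected DWORD
$expected = @(
    @("HKLM:\SOFTWARE\$net",             'SystemDefaultTlsVersions', 1),
    @("HKLM:\SOFTWARE\$net",             'SchUseStrongCrypto',       1),
    @("HKLM:\SOFTWARE\WOW6432Node\$net", 'SystemDefaultTlsVersions', 1),
    @("HKLM:\SOFTWARE\WOW6432Node\$net", 'SchUseStrongCrypto',       1),
    @("$proto\Client", 'Enabled',           1),
    @("$proto\Client", 'DisabledByDefault', 0),
    @("$proto\Server", 'Enabled',           1),
    @("$proto\Server", 'DisabledByDefault', 0)
)

$report = foreach ($e in $expected) {
    $path, $name, $want = $e
    # A missing key or value yields $null here instead of an error
    $have = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    $ok = ($null -ne $have) -and ($have -eq $want)
    if (-not $ok -and $Enforce) {
        # Create the key if needed, then write the expected DWORD
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $name -Value $want -PropertyType DWord -Force | Out-Null
        $have = $want
        $ok = $true
    }
    [pscustomobject]@{ Path = $path; Name = $name; Expected = $want; Actual = $have; Ok = $ok }
}

$report | Format-Table -AutoSize
if ($report.Ok -contains $false) {
    Write-Warning 'TLS 1.2 is not fully enforced on this host.'
}
```

Run it without `-Enforce` first to see which values differ before changing anything.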