By using AWS re:Post, you agree to the Terms of Use

AD Connector-Unable to connect to the On-Premises Active Directory

0

I am trying to create a AD Connector to connect to On-prem Active Directory. I am seeing the below error

Configuration issues detected: SRV record for LDAP does not exist for IP: 10.0.0.10, SRV record for Kerberos does not exist for IP: 10.0.0.10. Please verify existing configuration and retry the operation.

1 Answer
1

AD Connector uses Kerberos for authentication and authorization of AWS applications. LDAP is only used for user and group object lookups (read operations). With the LDAP transactions, nothing is mutable and credentials are not passed in clear text. Authentication is handled by an AWS internal service, which uses Kerberos tickets to perform LDAP operations as a user.

AD Connector needs to obtain the _ldap._tcp.<DnsDomainName> and _kerberos._tcp.<DnsDomainName> SRV records when connecting to your directory. You will get this error [2] if the service cannot obtain these records from the DNS servers that you specified when connecting to your directory. For more information about these SRV records, see SRV record requirements -- [1]

Error Link-

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/prereq_connector.html#srv_records -- [1] https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_troubleshooting.html -- [2]

SUPPORT ENGINEER
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions