AD Connector uses Kerberos for authentication and authorization of AWS applications. LDAP is only used for user and group object lookups (read operations). With the LDAP transactions, nothing is mutable and credentials are not passed in clear text. Authentication is handled by an AWS internal service, which uses Kerberos tickets to perform LDAP operations as a user.
AD Connector needs to obtain the _ldap._tcp.<DnsDomainName> and _kerberos._tcp.<DnsDomainName> SRV records when connecting to your directory. You will get this error if the service cannot obtain these records from the DNS servers that you specified when connecting to your directory. For more information about these SRV records, see SRV record requirements:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/prereq_connector.html#srv_records
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_troubleshooting.html
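
One way to confirm the SRV lookups described above, as an added example that is not part of the original answer or of AWS documentation: it queries both records against each DNS server you specified for the connector and reports which lookups come back empty. It assumes `dig` is installed; `corp.example.com` and `10.0.0.10` are placeholders, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not AWS code): verify the two SRV records AD Connector
# needs, using each DNS server that was specified for the connector.
# Placeholders: corp.example.com (DnsDomainName), 10.0.0.10 (DNS server IP).

# Thin wrapper around dig so the lookup can be swapped out when testing.
# Usage: srv_lookup <record-name> <dns-server-ip>
srv_lookup() {
  dig +short +time=3 +tries=1 SRV "$1" "@$2"
}

# Usage: check_ad_connector_srv <DnsDomainName> <dns-server-ip>...
# Prints OK/MISSING per record and server; returns 1 if any lookup is missing.
check_ad_connector_srv() {
  local domain="$1"
  shift
  local rc=0 server prefix name answer
  for server in "$@"; do
    for prefix in _ldap._tcp _kerberos._tcp; do
      name="${prefix}.${domain}"
      answer=$(srv_lookup "$name" "$server" 2>/dev/null) || answer=""
      # A "dig +short" SRV answer line is: priority weight port target.
      # Timeouts and empty answers do not match and count as missing.
      if printf '%s\n' "$answer" | grep -Eq '^[0-9]+ [0-9]+ [0-9]+ [^ ]+\.$'; then
        printf 'OK      %s via %s\n' "$name" "$server"
        printf '%s\n' "$answer" | sed 's/^/          /'
      else
        printf 'MISSING %s via %s\n' "$name" "$server"
        rc=1
      fi
    done
  done
  return "$rc"
}

# Example call (run from a host that can reach the same DNS servers):
#   check_ad_connector_srv corp.example.com 10.0.0.10 10.0.0.11
```

A MISSING line for either record on any listed server points at the DNS server or zone to fix before retrying the connection.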