An administrator is trying to add a second Active Directory domain to an already configured directory integration.
When the administrator tries to add a user from the newly added domain, the system cannot find the user.
What are two possible causes? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.AE.
When an administrator is trying to add a second Active Directory domain to an already configured directory integration and cannot find the user from the newly added domain, there could be several possible causes. Here are two of them:
A. The service account specified does not have any rights in the added domain:
In this case, the administrator may have specified a service account that does not have the necessary rights to access the newly added domain. To resolve this issue, the administrator should make sure that the service account has the appropriate permissions in the added domain. The account should be granted the "Read" permission for user objects in the added domain.
B. The second domain is not a member of Global Catalog:
In this case, the newly added domain may not be a member of the Global Catalog. The Global Catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a forest. To resolve this issue, the administrator should make sure that the newly added domain is a member of the Global Catalog. This can be done by adding the domain controller for the newly added domain to the Global Catalog Servers group in Active Directory Sites and Services.
C. The newly added domain is not in the same forest:
This is not one of the possible causes listed in the question, but it's worth mentioning that if the newly added domain is not in the same forest as the existing domain, it cannot be added to the existing directory integration. A directory integration can only include domains within the same forest. In this case, the administrator would need to set up a new directory integration for the newly added domain.
D. There is a trust relationship established between the domains:
If there is a trust relationship established between the domains, users from the newly added domain should be able to be found in the existing directory integration. In this case, the issue may be related to the configuration of the trust relationship, such as an issue with name resolution or authentication. The administrator should check the configuration of the trust relationship to ensure that it is set up correctly.
E. The administrator is using a service account with the Domain User Role assigned:
This is not one of the possible causes listed in the question, but it's worth mentioning that the administrator should use a service account with the appropriate permissions for the directory integration. The service account should be assigned the "Domain Admins" role or a custom role that includes the necessary permissions for the directory integration. If the service account only has the "Domain User" role assigned, it may not have the necessary permissions to access user objects in the newly added domain.