AD Troubleshooting
Common issues with AD sync, migration, and acquisition.
LDAP Connection Issues
- Error 53: TLS required for password operations. Enable STARTTLS or LDAPS.
- Error 49: Invalid credentials. NTLM auth requires `DOMAIN\user` format.
- Error 32: Base DN does not exist. Verify the distinguished name.
- Timeout: Check network connectivity to the DC.
Azure AD / Graph API Issues
- 403 Forbidden: Missing API permissions.
- 409 Conflict: Resource already exists. Verify UPN is not soft-deleted.
- 404 Not Found: Object does not exist. Retry with backoff (eventual consistency, 5-10s delays).
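
A sketch of the retry behaviour described above, as an added example that is not part of the original page or of any Microsoft SDK. The names `get_with_backoff`, `GraphError` and `make_fake_graph` are hypothetical, the `fetch` callable stands in for a real Graph GET, and the 10-second budget is taken from the upper end of the 5-10s delay. Failing fast on 403 and 409 is an assumption drawn from the remedies listed for those codes.

```python
import time

RETRYABLE = {404}  # eventual consistency: the object is not visible yet

class GraphError(Exception):
    """Raised when the call fails for a non-retryable reason or the budget is spent."""
    def __init__(self, status, attempts):
        super().__init__(f"HTTP {status} after {attempts} attempt(s)")
        self.status = status
        self.attempts = attempts

def get_with_backoff(fetch, max_wait=10.0, first_delay=1.0, sleep=time.sleep):
    """Call fetch() -> (status, body) until success or until max_wait is used up.

    Only 404 is retried. 403 (missing permissions) and 409 (conflict) are
    raised immediately, since waiting does not change either outcome.
    Total time slept never exceeds max_wait seconds.
    """
    waited, delay, attempts = 0.0, first_delay, 0
    while True:
        attempts += 1
        status, body = fetch()
        if 200 <= status < 300:
            return body, attempts
        if status not in RETRYABLE or waited >= max_wait:
            raise GraphError(status, attempts)
        pause = min(delay, max_wait - waited)  # clamp the last pause to the budget
        sleep(pause)
        waited += pause
        delay *= 2  # exponential backoff: 1s, 2s, 4s, ...

def make_fake_graph(responses):
    """Constructed stand-in for a Graph GET: replays canned (status, body) pairs."""
    it = iter(responses)
    return lambda: next(it)

if __name__ == "__main__":
    # Constructed sample: a newly created user becomes readable on the 4th read.
    fake = make_fake_graph([(404, None)] * 3 +
                           [(200, {"userPrincipalName": "new.user@example.test"})])
    slept = []
    body, attempts = get_with_backoff(fake, sleep=slept.append)
    print(attempts, slept, body)
```

A 404 that is still returned once the budget is exhausted surfaces as `GraphError`, which is the point at which to check whether the object was ever created.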
Samba AD DC Limitations
| Feature | Microsoft AD | Samba AD |
|---|---|---|
| User create/update | Full | Full |
| Group membership | Full | Full |
| Password reset | Full | Full (TLS required) |
| OU create | Full | Limited |
| Cross-domain moves | Full | Not supported |
| PSO (Fine-grained) | Full | Not supported |