The part we were missing is adding IP routing (on-premise is in public IP CIDR range) under the Networking & Security tab in Directory Service. You can read about it at https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_setup_trust.html at number 10 under "Create, Verify, or Delete a Trust Relationship".
In addition, if anyone runs into an issue creating a trust, it's good to note that the Managed AD Security Group assigned to your directory only allows outbound communications to itself. If you need to create a trust, you will need to add a rule that allows outbound communications to the domain controllers that you are creating a trust with. This needs to be done before creating your conditional forwarder as well, or you will get a failure in creating the trust due to communication issues.
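An added example, not part of the answers above: a pre-flight check that reads the `IpPermissionsEgress` list of the directory's security group (the shape returned by `aws ec2 describe-security-groups`) and reports which domain controller destinations are still blocked. The port list, group ID and addresses are assumptions made for illustration.

```python
import ipaddress

# Assumed port set for illustration (DNS, Kerberos, LDAP, SMB); use the
# authoritative list from the AWS trust guide for a real check.
REQUIRED = [("tcp", 53), ("udp", 53), ("tcp", 88), ("udp", 88),
            ("tcp", 389), ("udp", 389), ("tcp", 445)]

def rule_allows(rule, proto, port, dest_ip):
    """True if one IpPermissionsEgress entry permits proto/port to dest_ip."""
    if rule["IpProtocol"] not in ("-1", proto):
        return False
    if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    # Only CIDR destinations count here: a self-referencing group pair
    # (UserIdGroupPairs) never covers an on-premises domain controller.
    return any(dest_ip in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))

def missing_egress(security_group, dc_ips):
    """Return (dc_ip, proto, port) tuples that no egress rule permits."""
    egress = security_group.get("IpPermissionsEgress", [])
    gaps = []
    for dc in dc_ips:
        ip = ipaddress.ip_address(dc)
        for proto, port in REQUIRED:
            if not any(rule_allows(r, proto, port, ip) for r in egress):
                gaps.append((dc, proto, port))
    return gaps

# Constructed sample data: placeholder group ID, documentation-range addresses.
SELF_ONLY = {"IpProtocol": "-1", "IpRanges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE"}]}
DEFAULT_SG = {"GroupId": "sg-EXAMPLE", "IpPermissionsEgress": [SELF_ONLY]}
TCP_ONLY_SG = {"GroupId": "sg-EXAMPLE", "IpPermissionsEgress": [
    SELF_ONLY,
    {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 445,
     "IpRanges": [{"CidrIp": "198.51.100.0/28"}]}]}
DC_IPS = ["198.51.100.10", "198.51.100.11"]

if __name__ == "__main__":
    for name, sg in (("default", DEFAULT_SG), ("tcp-only", TCP_ONLY_SG)):
        for dc, proto, port in missing_egress(sg, DC_IPS):
            print(f"{name}: no egress to {dc} {proto}/{port}")
```

Running it against the self-referencing default group flags every required destination, and the TCP-only variant shows how a partial rule still leaves the UDP paths closed.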