Add a new Forest to the existing AD Connect


  1. Make sure your domain name is available on the internet. Go to your domain provider (GoDaddy, etc.), search for the domain and, if it is available, buy it.
  2. Create an account for the AD management agent – svcfimadma. Several things need to be done regarding domain rights for this account:
    1. Give this account Enterprise Admin rights for the installation and remove them after the installation.
    2. Give this account read/write rights to all account OUs, plus the Replicating Directory Changes rights.
    3. Permissions to grant, and what each one is used for:

       Permission                                   Used for
       Replicate Directory Changes                  Password sync
       Replicate Directory Changes All              Password sync
       Read/Write all properties on User            Import and Exchange hybrid
       Read/Write all properties on iNetOrgPerson   Import and Exchange hybrid
       Read/Write all properties on Group           Import and Exchange hybrid
       Read/Write all properties on Contact         Import and Exchange hybrid
       Reset password                               Preparation for enabling password writeback
    4. In ADUC, go to the template object and add the FIM AD account (svcfimadma) with full control. See this post
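The rights from the table above, granted and then checked with dsacls.exe, as an added example that is not part of the original post; the domain name, the account OU and the account name are assumptions, and the script must run as an Enterprise Admin on a domain-joined machine.

```powershell
# Added example, not from the original post. Assumed values: domain CONTOSO
# (DC=contoso,DC=com), account OU "OU=Accounts", agent account svcfimadma.
$Domain     = "CONTOSO"
$DomainDN   = "DC=contoso,DC=com"
$AccountsOU = "OU=Accounts,$DomainDN"
$Principal  = "$Domain\svcfimadma"

# Password sync: both replication control-access rights (CA) on the domain head.
# These rights allow the account to read password hashes, so protect and
# monitor it like a Domain Admin account and keep its password long and unique.
dsacls $DomainDN /G "${Principal}:CA;Replicating Directory Changes"
dsacls $DomainDN /G "${Principal}:CA;Replicating Directory Changes All"

# Import and Exchange hybrid: Read Property + Write Property (RPWP) on all
# properties of the four object classes, inherited to child objects (/I:S)
# of the account OU only, not to the whole domain.
foreach ($class in "user", "inetOrgPerson", "group", "contact") {
    dsacls $AccountsOU /I:S /G "${Principal}:RPWP;;$class"
}

# Preparation for password writeback: the Reset Password control-access
# right on user objects under the account OU.
dsacls $AccountsOU /I:S /G "${Principal}:CA;Reset Password;user"

# Check: list every ACE that now references the agent account on both
# containers, so unexpected extra rights stand out before the wizard runs.
foreach ($dn in $DomainDN, $AccountsOU) {
    "--- $dn ---"
    dsacls $dn | Select-String -SimpleMatch $Principal
}
```

Remove the temporary Enterprise Admin membership once the AD Connect wizard has finished; the rights above are all the agent needs for day-to-day sync.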
  3. Verify your domain.
  • Log in to Azure AD.
  • Go to the dashboard.
  • Go to Active Directory.
  • Click Domains and add your own domain. You will be asked to verify it, and some information will be given to you.
  • Go to your provider (GoDaddy, etc.), go to Manage Domains, select your new domain, click DNS and add a TXT record with the info provided by the verification screen.
  • Go back to the verification screen and click Verify.
  4. Go to your AD Connect server. Log in with a local Admin account. Run the AD Connect wizard from your desktop.

Select Customize Synchronization options

Enter the Azure AD Account info

Enter the AD MA account info for the new forest. Click Add Directory to add the new directory. Click Next

Click Next; the schema of the new directory is retrieved

Select what OUs will be synced. Click Next

No change to Organizational options. Click Next

Click Install to finish