System discovery of an untrusted forest fails with 0x8007052E

I got a question from one of my customers the other day that was an easy, but not obvious, answer.  They had SCCM 2012 setup in Forest A but wanted to discover machines in forest B.  They supplied alternative credentials with the correct username and password for this other domain\forest but kept getting back a 0x8007052E error, which translates to “Logon failure: unknown user name or bad password.”


That error is, unfortunately, a misleading error.  There is nothing wrong with the username or the password.  The real problem was in the formulation of their LDAP query.  They needed to add a named DC to the query for it to run correctly, which was not an obvious thing to do.  The solution syntax was to formulate the LDAP query that looked similar to this:


Comments (5)
  1. Ken Jeffreys says:

    That's awesome great tip thanks!

  2. Trevor Brown says:

    AWESOME POST!!!! I've been looking for a reason I couldn't authenticate to the DMZ for over a week!

  3. Darren Anderton says:

    Bang on the money. Thanks for posting this, simple enough fix but never would have occurred to me to add in the server name

  4. Marc AMOUZOUN says:

    thank you for you posting, Mike Griswold.

  5. nicolas says:


Comments are closed.

Skip to main content