System discovery of an untrusted forest fails with 0x8007052E

I got a question from one of my customers the other day that was an easy, but not obvious, answer.  They had SCCM 2012 setup in Forest A but wanted to discover machines in forest B.  They supplied alternative credentials with the correct username and password for this other domain\forest but kept getting back a 0x8007052E error, which translates to “Logon failure: unknown user name or bad password.”

 

That error is, unfortunately, a misleading error.  There is nothing wrong with the username or the password.  The real problem was in the formulation of their LDAP query.  They needed to add a named DC to the query for it to run correctly, which was not an obvious thing to do.  The solution syntax was to formulate the LDAP query that looked similar to this:

LDAP://RemoteDC.remotedomain.com/DC=remotedomain,DC=com