Description: This article describes when users will see the AD connector showing as down.
Scope: All FortiOS versions.

Sometimes the AD connector shows as down under External Connectors.


Make sure to check all these things before investigating further:


1) Check whether there is reachability with the FSSO agent.


2) Check whether the firewall rules on the Microsoft AD server are created to allow ports TCP 8000 and UDP 8002.


3) If these steps do not work, it is possible to encounter this:


When a packet capture is taken to see the transaction between the FortiGate and Microsoft AD, an error like the following appears, sent from the server:


'nca_s_fault_access_denied'



This is generally an issue on the Microsoft server side, where the user trying to add the FortiGate to the domain does not have full access.
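
To confirm this fault in a capture without relying on a dissector's label, the following added example (not part of the original article) decodes a connection-oriented DCE/RPC fault PDU from a raw TCP payload and names status 0x00000005 as nca_s_fault_access_denied. The function name is hypothetical and the sample bytes are constructed for illustration.

```python
import struct

PTYPE_FAULT = 3                          # DCE/RPC PDU type: fault
NCA_S_FAULT_ACCESS_DENIED = 0x00000005   # status the article reports

def decode_rpc_fault(payload: bytes):
    """Return (call_id, status, name) for a DCE/RPC fault PDU, else None."""
    # 16-byte common header + alloc_hint(4) p_cont_id(2) cancel_count(1)
    # reserved(1) + status(4) = 28 bytes needed to reach the status field.
    if len(payload) < 28:
        return None
    rpc_vers, _minor, ptype, _flags = struct.unpack_from("4B", payload, 0)
    if rpc_vers != 5 or ptype != PTYPE_FAULT:
        return None
    # packed_drep[0], high nibble: 1 = little-endian integers, 0 = big-endian.
    endian = "<" if (payload[4] & 0xF0) == 0x10 else ">"
    frag_len, _auth_len, call_id = struct.unpack_from(endian + "HHI", payload, 8)
    if frag_len > len(payload):
        return None                      # truncated fragment, do not guess
    (status,) = struct.unpack_from(endian + "I", payload, 24)
    if status == NCA_S_FAULT_ACCESS_DENIED:
        name = "nca_s_fault_access_denied"
    else:
        name = f"unknown_0x{status:08x}"
    return call_id, status, name

# Constructed sample: little-endian fault PDU, call_id 2, status 0x00000005.
SAMPLE_FAULT = bytes.fromhex(
    "05000303" "10000000" "2000" "0000" "02000000"   # common header
    "00000000" "0000" "00" "00" "05000000" "00000000"  # fault body
)
# Constructed sample: same layout but PDU type 2 (response), so not a fault.
SAMPLE_RESPONSE = SAMPLE_FAULT[:2] + b"\x02" + SAMPLE_FAULT[3:]

if __name__ == "__main__":
    print(decode_rpc_fault(SAMPLE_FAULT))
    print(decode_rpc_fault(SAMPLE_RESPONSE))
```

A hit on the access-denied status points to permissions on the Microsoft AD side rather than to the reachability or port checks in steps 1 and 2.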

