AD multiple path mounts

Trying to mount multiple AD engines at a different path, but it is giving an error:

By default, the secrets engine will mount at the name of the engine. To enable the secrets engine at a different path, use the -path argument.

vault secrets enable -path=testad ad

vault write testad/config \
    binddn='CN=test,OU=test,OU=Users,OU=geo,DC=test,DC=local' \
    bindpass='pass' \
    url=ldap://DC.test.local:389 \
    userdn='OU=geo,DC=test,DC=local'

So far so good, I can list the new secrets engine testad (type ad):

vault secrets list

Path                  Type         Accessor              Description
----                  ----         --------              -----------
testad/               ad           ad_dctyr9               n/a

I can read the config:

But when I want to create the role:

vault write testad/roles/testuser \
   service_account_name="testuser@test.local"

I got an error, but with the default AD path it works:


Error writing data to testad/roles/testuser: Error making API request.

URL: PUT 
Code: 500. Errors:

* 1 error occurred:
        * expected one matching entry, but received 0

I believe this is probably a confusing way of saying “I searched your directory for an account named testuser@test.local but found 0 matches”, so this role configuration is incorrect.

You should also bear in mind that the AD secrets engine is deprecated and will be removed in a future Vault version - users are advised to move to the LDAP secrets engine which can work with AD LDAP.

The user definitely exists; both ad and ldap give the same error. Whenever I use the default path ad/ or ldap/, it works with the same user: "Success! Data written to: ad/roles/testuser"

This strongly suggests you have not configured the secrets engines at the non-default paths the same as the ones at the default paths.

Thank you maxb, they are the same, just the path is different; probably I pasted the wrong output. All good now. The issue was I had to the domain suffix, if it helps anyone; as I said, the default one worked without it.
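A pre-flight check for the "expected one matching entry, but received 0" error discussed above, as an added example that is not part of the original thread or of Vault itself. It assumes the AD engine resolves `service_account_name` by searching `userdn` for an entry whose userPrincipalName equals it (an assumption consistent with the fix of adding the domain suffix), and the LDIF directory snapshot is constructed sample data in the shape `ldapsearch` prints; `parse_ldif`, `matching_entries` and `diagnose` are hypothetical helper names.

```python
from typing import Dict, List

# Constructed sample: a minimal ldapsearch-style dump of the userdn OU.
# Accounts and DNs are hypothetical; replace with a real export to use.
SAMPLE_LDIF = """\
dn: CN=test,OU=test,OU=Users,OU=geo,DC=test,DC=local
sAMAccountName: test
userPrincipalName: test@test.local

dn: CN=testuser,OU=svc,OU=geo,DC=test,DC=local
sAMAccountName: testuser
userPrincipalName: testuser@test.local
"""


def parse_ldif(text: str) -> List[Dict[str, str]]:
    """Split plain LDIF into entries: 'attr: value' lines, blank line ends an entry.
    Base64 ('::') and folded lines are not handled; attribute names are lower-cased."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        current[attr.strip().lower()] = value.strip()
    if current:
        entries.append(current)
    return entries


def matching_entries(entries, userdn: str, service_account_name: str):
    """Entries under userdn whose userPrincipalName equals the role target (assumed lookup)."""
    base, target = userdn.lower(), service_account_name.lower()
    return [e for e in entries
            if e.get("dn", "").lower().endswith(base)
            and e.get("userprincipalname", "").lower() == target]


def diagnose(entries, userdn: str, service_account_name: str) -> str:
    """Return 'ok' when exactly one entry matches, else the engine-style error with a hint."""
    hits = matching_entries(entries, userdn, service_account_name)
    if len(hits) == 1:
        return "ok"
    msg = f"expected one matching entry, but received {len(hits)}"
    if "@" not in service_account_name:  # bare name given: look for it as sAMAccountName
        by_sam = [e for e in entries
                  if e.get("samaccountname", "").lower() == service_account_name.lower()]
        if by_sam:
            msg += f"; hint: use the UPN '{by_sam[0]['userprincipalname']}' (domain suffix)"
    return msg
```

Run `diagnose(parse_ldif(SAMPLE_LDIF), "OU=geo,DC=test,DC=local", "testuser")` to see the 0-match case with the UPN hint, and with `"testuser@test.local"` to see it pass.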