Forum Discussion
AD Connect + two forests = frustration?
If I've understood correctly, I very much doubt this is supported; from an IDM perspective, user v account is a 1:1 relationship.
Well, I understand what you mean, and indeed there is only one O365/Azure AD account in use, but if there is no supported way to handle multiple forests with non-unique users, why then does the AD Connect wizard offer a step of selecting an attribute to identify users in multiple places? Why then are there precedence rules that dictate which order conflicting attributes are to be resolved?
This is part of our problem. MS support has already stated that we cannot do this without changing the UPNs of the non-unique users in O365. We do not want to do this and all of the relevant documentation and support/blog posts I'm reading suggest that this scenario should work.
If it is in fact not supported, I really wish MS would update their guidance to clearly and specifically spell this out.
If we cannot get past this, our solution will be to filter off the users in the original domain altogether and then manually map the users in the new domain to the existing O365 users.
Thanks for your reply.