Forum Discussion
Single AD domain multiple tenants
Hi
Is it possible to have two separate tenants with a single AD domain? For instance a Development tenant and a user acceptance tenant using a single AD Domain?
If possible, can someone point me to documentation?
Thanks!
3 Replies
- https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-azure-ad-tenants
Being an Azure channel, I'm not sure if you mean Active Directory or Azure Active Directory.
For Active Directory, you can do a reasonably good job of housing multiple tenants in multiple domains within a single forest, but just because you can doesn't mean you should.
You need to have a good grasp around any legal separation requirements, and on the technology side, understand the difference between service administrators and data administrators.
Without knowing your specific requirements, the stereotypical advice that comes in response to these things would be to create separate forests.
Here's a very basic section on separate Active Directory domains. You'd want to do more reading than this section but it's a start.
If you're talking about Azure Active Directory, then no, you can't really do that.
There is a feature called "administrative units" (which you have to pay extra to gain access to) that can be used as a basic grouping mechanic but this isn't robust enough for what you're probably talking about.
In Azure AD, separate organisations should be kept as separate Azure tenants.
Cheers,
Lain
- Thank you very much. I appreciate the info!
