Forum Discussion
ADDS trusted forests.domains A. OnPrem EX2013 B. Office 365 into new ADDS and New O365 Tenant?
Hey Floyds_on_Greenwood ,
Here is an article which explains adding an additional directory in AADConnect: https://www.mustbegeek.com/setup-azure-ad-connect-to-synchronize-multiple-active-directory-forests/
There are other links in the article talking about prerequisites like trust between the forests, conditional forwarders etc. You can achieve the configuration without trust as well. The article is a bit old (and has a few ads now agggh) but still works well. Will drop a response to your other query in some time, a bit occupied right now.
Thanks
Appreciate your help very much, harveer singh
- harveer singh, Jul 30, 2020, Iron Contributor
Hey Floyds_on_Greenwood ,
Sorry to keep you waiting, a few more questions for you: are you planning to migrate both the ADs (one with Exchange 2013 and the other with DirSync) to a new forest altogether, or are you simply merging the two forests? Going with a merge would certainly remove quite some complexity and would make the plan a bit simpler. Also, is it a compliance requirement to move away from the Office 365 tenant you already have? If you can stick to the same tenant and simply add the new domain in the same tenant, it would again ease your work and you won't have to perform a tenant-to-tenant mailbox migration (I am assuming you have mailboxes in Office 365 for the other forest).
- Floyds_on_Greenwood, Aug 01, 2020, Brass Contributor
Hello harveer singh
I don't believe we could rename the existing tenant - correct?
We will migrate both into a new forest - yes. It will be a new company name. We need a new tenant name to follow the name for the new company.
companya.local
companyb.local
into mynewcompany.org
- harveer singh, Aug 02, 2020, Iron Contributor
Yup, a tenant can't be renamed as of now. Okay, there are a few ways to achieve the target state. In my opinion the simplest one would be using a third party migration tool like BitTitan etc. Let's say your forest setup is A-F-B, where A is the forest with Exchange 2013, B is the forest with Office 365 and F is the final forest. The high level approach in case of a 'third party' migration tool would be:
1. Install Aadconnect in forest F with the new tenant. FILTER OUT msExchMailboxGuid from synchronization. Add the new domain in the new tenant.
2. Migrate (copy) users on-premises from Forest A and B to the new forest F using ADMT/other, preserve the object guid but project the users with a new upn user1@newdomain.com in the target forest F.
3. Now once you have users in Forest F, sync them to Office 365 without mailbox guid. Next, when you assign a license in Office 365, the mailbox would be provisioned and the Office 365 mailboxes will be ready for data to be imported.
4. Now use a third party tool to pull data directly into the mailboxes from the Exchange and Office 365 forests. Using a third party tool would allow you to do an incremental migration as well, so the users in Exchange and the old Office 365 remain in production to the very last day, in case the migration runs for a few weeks. Lastly you will have to remove the old domain from the old tenant and add it into the new tenant.
As I said, this is one of the methods to achieve this. I suggest using a third party tool as one of your sources is Office 365, and for migrating out of Office 365 third party tools serve better.
If you want to take the hybrid route there is added complexity. The approach from forest B with Office 365 remains the same as above; things would change for the Exchange forest though. High level overview:
Install Aadconnect in forest F, add forest A as a remote directory (article previously shared), once users are synced, set up hybrid, move all mailboxes to Office 365, decom Exchange on-premises, move users from forest A to the destination forest deleting the source, so that Aadconnect sees only one instance of the user object. Please note that with this approach you will also have to manage mailbox guids for the two forests separately, as the Exchange mailbox guid must be synced to Office 365 for hybrid migration, but for Office 365 to Office 365 migration you don't want to sync the mailbox guid from on-premises.
This is just a high level overview to get you started, a lot more can go into this discussion to fill out any gaps.
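
A read-only pre-sync audit for steps 2 and 3 of the plan above, added here as an illustration and not posted by anyone in the thread. It assumes the ActiveDirectory (RSAT) module and an account that can read all three forests; the forest names and the `newdomain.com` suffix are the thread's own placeholders, and `Get-ProjectedUpn` is a hypothetical helper.

```powershell
# Added example (assumptions: RSAT ActiveDirectory module, read access to A, B and F).
Import-Module ActiveDirectory

$SourceForests = 'companya.local', 'companyb.local'   # forests A and B from the thread
$TargetForest  = 'mynewcompany.org'                   # forest F from the thread
$NewUpnSuffix  = 'newdomain.com'                      # suffix used in step 2

function Get-ProjectedUpn {
    # Hypothetical helper: the UPN a source account would receive in forest F.
    param([string]$Upn, [string]$Suffix)
    '{0}@{1}' -f $Upn.Split('@')[0].ToLowerInvariant(), $Suffix
}

# Check 1 (before step 2): users in A and B whose new UPNs would be identical.
$projected = foreach ($forest in $SourceForests) {
    Get-ADUser -LDAPFilter '(userPrincipalName=*)' -Server $forest | ForEach-Object {
        [pscustomobject]@{
            SourceForest = $forest
            SamAccount   = $_.SamAccountName
            OldUpn       = $_.UserPrincipalName
            NewUpn       = Get-ProjectedUpn $_.UserPrincipalName $NewUpnSuffix
        }
    }
}
$collisions = $projected | Group-Object NewUpn | Where-Object { $_.Count -gt 1 }

# Check 2 (before step 3): copied users in F that carry a mailbox GUID.
# These accounts depend on the sync filter from step 1 being in place.
$withGuid = Get-ADUser -LDAPFilter '(msExchMailboxGuid=*)' -Server $TargetForest

foreach ($c in $collisions) {
    Write-Warning ("UPN collision on {0}" -f $c.Name)
    $c.Group | Format-Table SourceForest, SamAccount, OldUpn -AutoSize | Out-String | Write-Host
}
foreach ($u in $withGuid) {
    Write-Warning ("msExchMailboxGuid present on {0}" -f $u.UserPrincipalName)
}

$summary = '{0} source users, {1} UPN collisions, {2} target users with msExchMailboxGuid'
$summary -f @($projected).Count, @($collisions).Count, @($withGuid).Count
```

The script only reads directory data; resolving a collision or clearing an attribute is left as a manual decision.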