Forum Discussion
Exchange in child forest with users in root forest
Hey Tom Gould,
If you are staying on prem, it sounds like you need to look into Linked accounts. You can read more about it here - https://blogs.technet.microsoft.com/appssrv/2010/11/03/how-to-link-existing-ad-accounts-to-the-correct-organization-in-a-microsoft-exchange-server-2010-sp1-multi-tenant-environment/, but in essence it is a way to link accounts in a new forest to an AD account that exists somewhere else. This would work well for populating users in a second AD that already exist somewhere else, but not make you have two independent accounts.
You should know going in, however, that linked accounts make a migration to O365 a bit more interesting when you get into it, and typically we would just commit and migrate that user to the Exchange solution in full, prior to a move to O365 (so we would move those users twice, once to the AD/forest for the on-prem Exchange, and once to the cloud).
In O365, your AADConnect can only have 1 server per tenant. So to your question, if your AADC is running on your root domain and syncing up to O365, then any accounts there will be fine.
If your AADC is running on a DC in the child domain, then it gets a bit more complicated. You can add additional forests into AADC through connectors; as long as the AADC application has access/appropriate credentials into that other forest, it can work and still replicate users up. You can see the approved topology diagram is one of the first discussed, multiple forests, 1 AADC server - https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologies
Big picture though, if this was my project, 1000% I would focus on getting the identity cleaned up and consolidated. Identity is the foundation that you build your organization's house on for O365 and the cloud. If it is a shaky/messy foundation it will plague you with problems down the road. Sometimes timelines force a temporary situation that is a bit messy, but work towards the end goal of having one consolidated AD if possible that runs up to O365.
Adam
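As an added example (not part of Adam's reply or of any Microsoft documentation), here is what the two pieces of advice above look like at the keyboard: creating a linked mailbox in the resource (child) forest that trusts an existing user in the account (root) forest, auditing which master accounts those mailboxes point at, and listing the per-forest connectors on the AAD Connect server. All forest names, DC names, OU paths and user names are placeholders; the cmdlets are the standard Exchange Management Shell and ADSync module ones.

```powershell
# Added example, not from the original post. Assumes the Exchange Management
# Shell in the resource (child) forest and the ADSync module on the single
# AAD Connect server. Every name below is a placeholder.

# 1. Linked mailbox: the mailbox and its disabled user object live in the
#    resource forest, but logon is tied to an account in the account forest.
$linkedCred = Get-Credential -Message "Account-forest credential used to resolve the master account"
New-Mailbox -Name "Jane Doe" -Alias jdoe `
    -UserPrincipalName jdoe@resource.example.com `
    -OrganizationalUnit "resource.example.com/LinkedUsers" `
    -LinkedMasterAccount "ACCOUNT\jdoe" `
    -LinkedDomainController dc01.account.example.com `
    -LinkedCredential $linkedCred

# 2. Inventory before any O365 move: every linked mailbox and the
#    account-forest identity it trusts. This is the list you will have to
#    reconcile when consolidating to one AD.
Get-Mailbox -RecipientTypeDetails LinkedMailbox -ResultSize Unlimited |
    Select-Object Name, Alias, LinkedMasterAccount, WhenCreated |
    Sort-Object Name

# 3. Flag stale links: when the master account was deleted, the property
#    usually shows an unresolved SID instead of DOMAIN\user. Those mailboxes
#    have no owner and should be cleaned up rather than synced to the cloud.
Get-Mailbox -RecipientTypeDetails LinkedMailbox -ResultSize Unlimited |
    Where-Object { -not $_.LinkedMasterAccount -or $_.LinkedMasterAccount -like 'S-1-5-*' } |
    Select-Object Name, LinkedMasterAccount

# 4. On the AAD Connect server: one connector per on-prem forest plus the
#    Azure AD connector. Confirm both root and child forests are present
#    before assuming their users will appear in the tenant.
Import-Module ADSync
Get-ADSyncConnector | Select-Object Name, Identifier
Get-ADSyncScheduler | Select-Object SyncCycleEnabled, NextSyncCycleStartTimeInUTC
```

The account used in `-LinkedCredential` only needs read access in the account forest to resolve the master account; it is a good place to avoid reusing a domain admin, since the credential is stored by the shell session and the trust between forests is what actually authorizes logon.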