Forum Discussion
Mix Password Sync and ADFS - multiple Forests
Michael Obernberger wrote:"The child company is already having an Office 365 with ADFS enabled"
"So now my question is, when I add the new forest to our AD Connect server..."
Stop right there =) If the new company you acquired or have already has their own separate AD Tenant, you cannot add their forest into your Azure AD Connect. That is an unsupported Azure AD Connect topology. See this article for more information:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologies
However, once you remove all their user objects from their O365 tenant, and you remove their domain name from their tenant and move it to your tenant, THEN, and only then, can you accomplish what you were hoping for .. YES, you can federate their domain name with their existing ADFS forest, pointing all that to your tenant.
If you have not done this before, you should work with a Microsoft Partner to help you.
Michael Obernberger wrote:"The child company is already having an Office 365 with ADFS enabled"
"So now my question is, when I add the new forest to our AD Connect server..."
Stop right there =) If the new company you acquired or have already has their own separate AD Tenant, you cannot add their forest into your Azure AD Connect. That is an unsupported Azure AD Connect topology. See this article for more information:
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologies
However, once you remove all their user objects from their O365 tenant, and you remove their domain name from their tenant and move it to your tenant, THEN, and only then, can you accomplish what you were hoping for .. YES, you can federate their domain name with their existing ADFS forest, pointing all that to your tenant.
If you have not done this before, you should work with a Microsoft Partner to help you.
Thanks Joe, that was the response I was looking for.
Michael
