Forum Discussion
Same Active Directory but different AAD
Hey Guys,
so currently im working in an environment where we have one big domain and many departments in different areas. Every department is part of this (on premise) domain but for some reason some departments want to use their own azure ad tenant even though we have one tenant for everyone - No way to change that for now. In fact this results in some serious issues, for example in the Office Suite where they have to change the logged on user everytime theyre opening Word or Excel. We also have Roaming Profiles active, so things they change for there profile will be deleted later on, so they have to do this configuration everytime they log in. We arent Intune enrolled or hybrid managed, pretty oldschool everything.
Im searching for a possibility where we could set up an association for those Users or departments to their own tenants, so that if a user logs in, they automatically get logged in into their own individual Azure AD Tenant - or at least get asked for their credentials for their own tenant. I read something about Alternate Login ID but im not sure if this is the right thing we need.
I really appreciate your suggestions 🙂
Best regards
sebamedo
- The supported topologies are listed here, including a single AD to multiple AAD tenants one: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#sync-ad-objects-to-multiple-azure-ad-tenants
The problem you'd have is authentication, as any given domain can be verified in a single tenant only. An easy workaround is to use subdomains, but depending on your needs you might have to end up with something more complex.