Forum Discussion
Sync AD Users to multiple O365 Tenants using ADConnect
kpsingh, as long as you use OU filtering so that each object is only synced to a single Azure AD tenant, you are in a supported design as per the Microsoft documentation here:
The Azure AD Connect sync servers must be configured for filtering so that each has a mutually exclusive set of objects to operate on. You can, for example, scope each server to a particular domain or organizational unit.
A DNS domain can be registered in only a single Azure AD tenant. The UPNs of the users in the on-premises Active Directory instance must also use separate namespaces. For example, in the preceding picture, three separate UPN suffixes are registered in the on-premises Active Directory instance: contoso.com, fabrikam.com, and wingtiptoys.com. The users in each on-premises Active Directory domain use a different namespace.
This topology has the following restrictions on otherwise supported scenarios:
- Only one of the Azure AD tenants can enable an Exchange hybrid with the on-premises Active Directory instance.
- Windows 10 devices can be associated with only one Azure AD tenant.
- The single sign-on (SSO) option for password hash synchronization and pass-through authentication can be used with only one Azure AD tenant.
The requirement for a mutually exclusive set of objects also applies to writeback. Some writeback features are not supported with this topology because they assume a single on-premises configuration. These features include:
- Group writeback with default configuration.
- Device writeback.
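The condition that makes this topology supported is that the servers' scopes never claim the same object (an OU that is nested inside another server's included OU counts as an overlap) and that no UPN suffix is used by more than one tenant. The script below is an added example, not code from the forum post or from Microsoft's documentation: it takes a constructed inventory of each sync server's container inclusion list and UPN suffixes and reports any pair of servers whose scopes intersect. The server names, OU paths and suffixes are made up; the comment showing how such an inventory could be pulled from `Get-ADSyncConnector` is an assumption about the property layout and should be checked against your Azure AD Connect version. Container exclusion lists are not modelled.

```powershell
# Added example (not from the forum post or the Microsoft docs): check that the
# OU scopes and UPN suffixes assigned to several Azure AD Connect servers are
# mutually exclusive, which the multi-tenant topology requires.

# Constructed sample data: the container inclusion list of each sync server.
# Assumption about the ADSync module's object layout (verify on your version):
#   (Get-ADSyncConnector -Name 'corp.local').Partitions |
#       ForEach-Object { $_.ConnectorPartitionScope.ContainerInclusionList }
$ServerScopes = @{
    'AADC-CONTOSO'  = @('OU=Contoso,DC=corp,DC=local')
    'AADC-FABRIKAM' = @('OU=Fabrikam,DC=corp,DC=local',
                        'OU=Shared,OU=Contoso,DC=corp,DC=local')   # nested inside AADC-CONTOSO's scope
}

# Constructed sample data: the UPN suffixes carried by the users each server syncs.
$ServerUpnSuffixes = @{
    'AADC-CONTOSO'  = @('contoso.com')
    'AADC-FABRIKAM' = @('fabrikam.com', 'contoso.com')   # suffix claimed by two tenants
}

function Test-OuOverlap {
    param([string]$OuA, [string]$OuB)
    # Two inclusion scopes overlap when one DN equals, or sits beneath, the other.
    $a = $OuA.ToLowerInvariant(); $b = $OuB.ToLowerInvariant()
    return ($a -eq $b) -or $a.EndsWith(",$b") -or $b.EndsWith(",$a")
}

function Find-ScopeConflicts {
    param([hashtable]$Scopes, [hashtable]$UpnSuffixes)
    $conflicts = @()
    $servers = @($Scopes.Keys | Sort-Object)
    for ($i = 0; $i -lt $servers.Count; $i++) {
        for ($j = $i + 1; $j -lt $servers.Count; $j++) {
            $s1 = $servers[$i]; $s2 = $servers[$j]
            # OU scopes: every included OU of one server against every included OU of the other.
            foreach ($ouA in $Scopes[$s1]) {
                foreach ($ouB in $Scopes[$s2]) {
                    if (Test-OuOverlap $ouA $ouB) {
                        $conflicts += [pscustomobject]@{
                            Kind = 'OU'; ServerA = $s1; ServerB = $s2; Detail = "$ouA <-> $ouB"
                        }
                    }
                }
            }
            # UPN suffixes: a DNS domain can be verified in only one tenant.
            $shared = $UpnSuffixes[$s1] | Where-Object { $UpnSuffixes[$s2] -contains $_ }
            foreach ($suffix in $shared) {
                $conflicts += [pscustomobject]@{
                    Kind = 'UPN'; ServerA = $s1; ServerB = $s2; Detail = $suffix
                }
            }
        }
    }
    return $conflicts
}

$found = Find-ScopeConflicts -Scopes $ServerScopes -UpnSuffixes $ServerUpnSuffixes
if ($found.Count -eq 0) {
    Write-Output 'OK: all sync servers have mutually exclusive OU scopes and UPN suffixes.'
} else {
    Write-Warning "Found $($found.Count) conflict(s): an object or UPN suffix would be claimed by more than one tenant."
    $found | Format-Table -AutoSize
}
```

With the sample data the script reports two conflicts: the nested `OU=Shared` container (which both servers would export, each to a different tenant) and the `contoso.com` suffix. Running it after every filtering change on each sync server, with the real inclusion lists substituted, catches the overlap before an object is exported twice.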