Forum Discussion

DNM0288's avatar
DNM0288
Copper Contributor
Sep 30, 2019

Replace multi forest on prem ADs with AAD

Hello,  I searched this on internet many times but I couldn't find a solid answer for this. My problem is, We have on-prem DCs in three countries (US, Sweden, UK) All three has their own forests, ...
Access Management
Azure Active Directory (AAD)
microsoft 365
Thijs Lecomte's avatar
Thijs Lecomte
Bronze Contributor
Sep 30, 2019

Hi DNM0288 

 

This is certainly possible!

One thing to keep in mind is that there can only be one active AADC per tenant. 

To replicate multiple AD forests to 1 tenant, you need to get a trust between the 3 different tenants. Check this link for more information : https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests-single-azure-ad-tenant

This can't be done without a trust.

 

Once this has been setup all users will be enabled in Azure Active Directory and will authenticate to a single tenant.

 

If you have any more questions, don't hesistate to reply 🙂

  • rosaliod's avatar
    rosaliod
    Brass Contributor
    Oct 05, 2019
    This is correct you can only have one AAD Connect server syncing to an AAD tenant at any given time. However you don't need a trust between forests. The AAD Connect server needs to be able to communicate to the other three forests so a VPN or another method of connectivity is needed.

    https://docs.microsoft.com/en-us/skypeforbusiness/hybrid/cloud-consolidation-aad-connect

Resources