AD Connect Multiple Tenants Single AD

Hi,

Wonder if this is possible?

 

We have a client that wants to keep his two domains separate and in different tenants and then sync on prem AD to the two tenants.

 

The on prem AD would have both domains' UPN suffixes added to their accounts in on prem AD as the users in both tenants would be the same.

 

Thanks

 

6 Replies
Hmm, you could filter on UPN and sync users to different tenants using separate AD Connect instances (one for each), but the same object in multiple tenants is not supported.
Please look here for supported and unsupported configurations:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

Adam
Thanks Adam, let me go over the link.

These topologies of domain to tenant sync are covered well here:

 

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

 

You specifically can't sync the same users to multiple tenants.

 

What are they trying to achieve? There's no reason they can't have multiple SMTP addresses for each user in different domains. What else are they trying to separate?

You can do it as long as you have separate Azure AD Connects running with mutually exclusive sets of objects to operate on.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#each-object-o...