
AD Connect Multiple Tenants Single AD

Sean Westmore
New Contributor

Hi,

Wonder if this is possible?

We have a client that wants to keep his two domains separate and in different tenants and then sync on-prem AD to the two tenants.

The on-prem AD would have both domains' UPN suffixes added to their accounts in on-prem AD, as the users in both tenants would be the same.

Thanks

4 Replies
Hmm, you could filter on UPN and sync users to different tenants using separate AD Connect instances (one for each), but the same object in multiple tenants is not supported.
Please look here for supported and unsupported configurations:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

Adam

Thanks Adam, let me go over the link.

These topologies of domain to tenant sync are covered well here:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

You specifically can't sync the same users to multiple tenants.

What are they trying to achieve? There's no reason they can't have multiple SMTP addresses for each user in different domains. What else are they trying to separate?

You can do it as long as you have separate Azure AD Connect instances running with mutually exclusive sets of objects to operate on.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#each-object-o...
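
The "mutually exclusive set of objects" condition from the replies can be checked before a second AD Connect instance is switched on. The script below is an added example, not code from the thread or from Microsoft: the scope objects are a hypothetical description of each instance's filter (not AD Connect configuration), and the users and domain names are constructed sample data.

```powershell
# Constructed sample data. In a real check this list would come from
# Get-ADUser -Filter * -Properties userPrincipalName (ActiveDirectory module).
$users = @(
    [pscustomobject]@{ DN = 'CN=Ann,OU=Sales,DC=corp,DC=example'; UPN = 'ann@contoso.example' }
    [pscustomobject]@{ DN = 'CN=Bob,OU=Sales,DC=corp,DC=example'; UPN = 'bob@fabrikam.example' }
    [pscustomobject]@{ DN = 'CN=Cy,OU=Eng,DC=corp,DC=example';    UPN = 'cy@fabrikam.example' }
    [pscustomobject]@{ DN = 'CN=Di,OU=Eng,DC=corp,DC=example';    UPN = 'di@corp.example' }
)

# Hypothetical model of each instance's filter. An empty list means "no
# restriction"; an object is in scope when it meets every non-empty criterion.
# Instance A filters by OU only, instance B by UPN suffix only.
$scopes = @(
    [pscustomobject]@{ Name = 'TenantA'; OUs = @('OU=Sales,DC=corp,DC=example'); UpnSuffixes = @() }
    [pscustomobject]@{ Name = 'TenantB'; OUs = @(); UpnSuffixes = @('fabrikam.example') }
)

function Test-InScope {
    param($User, $Scope)
    $suffix = ($User.UPN -split '@')[-1]
    # OU match: the DN must end with ",<OU DN>" (case-insensitive).
    $ouOk = (-not $Scope.OUs) -or [bool]($Scope.OUs | Where-Object {
        $User.DN.EndsWith(",$_", [System.StringComparison]::OrdinalIgnoreCase) })
    $upnOk = (-not $Scope.UpnSuffixes) -or ($Scope.UpnSuffixes -contains $suffix)
    return ($ouOk -and $upnOk)
}

function Get-SyncScopeReport {
    param($Users, $Scopes)
    foreach ($u in $Users) {
        # Names of every instance whose filter would pick up this object.
        $hits = @($Scopes | Where-Object { Test-InScope -User $u -Scope $_ } |
                  ForEach-Object Name)
        [pscustomobject]@{
            UPN    = $u.UPN
            Scopes = $hits -join ','
            Status = switch ($hits.Count) { 0 { 'Unsynced' } 1 { 'OK' } default { 'OVERLAP' } }
        }
    }
}

# Any OVERLAP row is an object two instances would both try to sync, which is
# the unsupported case; Unsynced rows are objects neither instance covers.
Get-SyncScopeReport -Users $users -Scopes $scopes | Where-Object Status -ne 'OK'
```

Mixing filter types is where overlap appears: a user with the second domain's UPN suffix who also sits in the first instance's OU matches both scopes.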