Windows AD identities synced to another Azure AD tenant

Marcel A' Campo
Occasional Contributor

We have user identities in an on-prem Windows Server AD that are synced to an Azure AD tenant called tenantA.onmicrosoft.com. However, we manage our infrastructure in another Azure AD tenant called tenantB.onmicrosoft.com. Because our backend systems are in that tenant, we need to deploy WVD in tenantB. A prerequisite of WVD is that user identities are synced to the Azure AD of tenantB and that the user SIDs need to match.

From this article (https://docs.microsoft.com/nl-nl/azure/active-directory/hybrid/plan-connect-topologies) I understand that Microsoft does not support syncing user identities with more than 1 Azure AD. Is that indeed the case and if so, is there some kind of solution for this? For more insight see this picture. (Image: AD-sync-anonymous.png)

1 Reply

I was having the same concern: the Azure subscription where my host pools will be located was in another Azure AD tenant, and my users with licenses are in a different Azure AD tenant.

It is nowhere mentioned that I should sync the users to the tenant where my host pools are located.

I had raised the same question before in the forum and then I tried this myself. Everything works fine.

https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/Azure-AD-tenant-is-different-and-Azur...

@Marcel A' Campo
