SOLVED

Azure AD Hybrid Setup


Hi Everyone,

I have a multi-forest environment that I would like to sync to Azure AD with AD Connect. Is it possible to achieve the below:

1. Sync two domains to one tenant.

2. SSO for the two domains.

3. Sync devices to Azure AD and use Intune to manage them, and how?

Thanks for your help in advance!

Arya

best response confirmed by Arya1028 (New Contributor)
Solution
Hi Arya,

1. Yes, you can sync directories. It should be under Add Directory in AD Connect. You need to have an S2S VPN between the domains.

Check "Multiple forests, single AD tenant":
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

2. I recommend using Seamless SSO; it is easy to set up with AD Connect.

https://docs.microsoft.com/bs-latn-ba/azure/active-directory/hybrid/tshoot-connect-sso

3. You can use GPO to enroll devices in MDM. You have some prerequisites like an Intune license, the Windows build version, the Intune CNAME setup, etc.

https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatica...

Hope this helps!
Moe
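As an added example that is not part of the thread above, the following PowerShell script checks the two points Moe's items 1 and 2 depend on, run from the Azure AD Connect server: that each forest is reachable on the ports AD Connect and Kerberos need, and whether the Seamless SSO computer account (AZUREADSSOACC) exists in each domain and how old its Kerberos decryption key is. The forest names are placeholders; the 30-day threshold is Microsoft's published recommendation for rolling that key, and `Update-AzureADSSOForest` is the cmdlet from the AzureADSSO module shipped with AD Connect that performs the rollover.

```powershell
# Added example, not from the original thread. Run on the Azure AD Connect server.
# Forest names below are assumed placeholders; replace with your own.
$Forests = @('corp.example.com', 'partner.example.net')
# 389/636 LDAP(S) for sync, 88 Kerberos for Seamless SSO, 445 SMB for SYSVOL/GPO
$Ports   = 389, 636, 88, 445

foreach ($forest in $Forests) {
    Write-Host "== $forest =="
    try {
        # Serverless binding later uses DNS, so name resolution is the first thing to verify
        $null = Resolve-DnsName -Name $forest -Type A -ErrorAction Stop
    } catch {
        Write-Warning "DNS resolution for $forest failed: $($_.Exception.Message)"
        continue
    }

    foreach ($p in $Ports) {
        $ok = Test-NetConnection -ComputerName $forest -Port $p -InformationLevel Quiet -WarningAction SilentlyContinue
        '{0,-6} {1}' -f $p, $(if ($ok) { 'open' } else { 'BLOCKED' })
    }

    # Seamless SSO creates the AZUREADSSOACC$ computer account in every domain it is enabled for.
    # Azure AD holds its Kerberos decryption key, so a long-lived key is a standing risk:
    # Microsoft recommends rolling it at least every 30 days.
    $searcher = [adsisearcher]'(&(objectClass=computer)(sAMAccountName=AZUREADSSOACC$))'
    $searcher.SearchRoot = [adsi]"LDAP://$forest"
    $searcher.PropertiesToLoad.AddRange([string[]]@('pwdLastSet', 'distinguishedName'))
    $acct = $searcher.FindOne()

    if ($null -eq $acct) {
        'AZUREADSSOACC not found: Seamless SSO is not enabled in this domain'
    } else {
        $pwdLastSet = [int64]$acct.Properties['pwdlastset'][0]
        $age = (Get-Date) - [DateTime]::FromFileTime($pwdLastSet)
        $verdict = if ($age.TotalDays -gt 30) { '(ROLL IT: Update-AzureADSSOForest)' } else { '(ok)' }
        'AZUREADSSOACC key age: {0:N0} days {1}' -f $age.TotalDays, $verdict
        '  {0}' -f $acct.Properties['distinguishedname'][0]
    }
}
```

Run it as a user that can read computer objects in both forests. A blocked port 88 on a forest explains a Seamless SSO that "half works" (users from the other forest fall back to password prompts), and a key age in the hundreds of days is the usual finding when the rollover was never scheduled after the initial setup.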
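For Moe's item 3, the following is an added example (not from the thread) to run on one domain-joined Windows 10/11 device. It checks that the auto-enrollment GPO actually landed (the `AutoEnrollMDM` value under the MDM policy key that the linked doc describes), reads the device's join state from `dsregcmd /status`, and lists the enrollment scheduled task the policy creates. The registry path, the `dsregcmd` field names and the `\Microsoft\Windows\EnterpriseMgmt\` task path are the real ones; nothing else is assumed.

```powershell
# Added example, not from the original thread. Run elevated on a domain-joined Windows 10/11 client.

# 1. Did the "Enable automatic MDM enrollment using default Azure AD credentials" GPO apply?
$mdmKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$auto = (Get-ItemProperty -Path $mdmKey -Name AutoEnrollMDM -ErrorAction SilentlyContinue).AutoEnrollMDM
'AutoEnrollMDM policy : {0}' -f $(if ($auto -eq 1) { 'enabled' } else { 'NOT set (GPO not applied?)' })

# 2. Parse dsregcmd /status into a hashtable; it is the authoritative view of join and PRT state.
$fields = @{}
foreach ($line in (dsregcmd /status)) {
    if ($line -match '^\s*(\S[^:]*?)\s*:\s*(.+?)\s*$') { $fields[$Matches[1]] = $Matches[2] }
}
foreach ($k in 'DomainJoined', 'AzureAdJoined', 'AzureAdPrt', 'TenantName', 'MdmUrl') {
    '{0,-14}: {1}' -f $k, $fields[$k]
}

# GPO-driven auto-enrollment only fires on a hybrid Azure AD joined device with a PRT,
# so this is the first thing to rule out when enrollment "does nothing".
if ($fields['DomainJoined'] -ne 'YES' -or $fields['AzureAdJoined'] -ne 'YES') {
    Write-Warning 'Device is not hybrid Azure AD joined; Intune auto-enrollment via GPO will not trigger.'
} elseif ($fields['AzureAdPrt'] -ne 'YES') {
    Write-Warning 'No Primary Refresh Token; the signed-in user has not authenticated to Azure AD yet.'
}

# 3. The policy creates a scheduled task that performs the enrollment; check it exists and has run.
Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\' -ErrorAction SilentlyContinue |
    Select-Object TaskName, State,
        @{ n = 'LastRun';    e = { ($_ | Get-ScheduledTaskInfo).LastRunTime } },
        @{ n = 'LastResult'; e = { ($_ | Get-ScheduledTaskInfo).LastTaskResult } }
```

An empty `MdmUrl` together with `AutoEnrollMDM` set to 1 and a present scheduled task usually means the task has not run yet or failed; `LastTaskResult` other than 0 points you to the Event Viewer log under Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider for the actual error.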