Azure AD Connect in Multi-forest scenario


Hi Team,

 

Running through a curious implementation in development infra.

I have an M365 tenant and two on-prem directory forests, abc.com and xyz.com. I want to sync both directories to the M365 tenant and use pass-through authentication.

So far so good for implementing the first forest, abc.com (where I have installed AAD Connect and configured both forests, abc.com and xyz.com, to sync to Azure AD). Now when I access any application as an abc.com user, it authenticates without any issue, but when I access any apps using xyz.com, it doesn't authenticate.

For more information: I have done nothing with respect to AAD Connect configuration on xyz.com (assuming it must have been taken care of while running the wizard), and there is no forest trust or anything between the two forests.

What am I missing here? A quick answer is really appreciated. Thank you.

Please feel free to ask for any information regarding the same.

0 Replies