One of our customers raised the below query:
They have the below environment:
-Forest A & B have a forest trust configured
-Both forests use Exchange 2010 mailboxes on-premises
-Both forests share the same SMTP domain, i.e. @contoso.com (both forests have mailboxes using the same domain)
-Exchange 2016 is installed to enable a hybrid migration
-ADFS is installed in Forest A only (as a trust is in-place it allows ADFS to be placed in one forest?)
-AADC is installed in Forest A and syncs both Forest A and B to O365
Aim: To migrate to Office 365 using hybrid from both Forest A and B
What happens if mailboxes in both Forest A and B have the same UPN suffix (i.e. contoso.com), which is the mailbox primary email domain as well?
-Will ADFS be able to authenticate logons from both forests, bearing in mind that a shared SMTP domain is in use?
-If ADFS cannot be used, can AADC password rep from both Forest A and B be used instead?
-Is there any way to use AADC with SSO from both Forest A and B to overcome the limitation introduced by the shared SMTP domain used for both Forest A and B?
Any pointers would be of great help!!
Many thanks in advance.