SOLVED

Unified GAL with AADConnect


Hi,

My customer wants to merge "bikes.com" into cars.com's existing hybrid-configured and federated tenant by adding the bikes.com email domain to the existing tenant and create a unified GAL, as cars.com users need to look up bikes.com users in the GAL and vice versa.

 

  • "Cars.com" is configured as an AD/Exchange hybrid forest 
  • "Bikes.com" is currently an autonomous on-premises AD/Exchange forest but users need Office 365/Teams 

 

Q1: Will the configuration be sufficient to provide a unified GAL in both Exchange Orgs? 
Q2: If Yes, how will the users from each forest appear in the GAL in the other forest? Contacts? Users? 
Q3: What would be the easiest way to enable free/busy calendar sharing between cars.com and bikes.com users? Exchange Availability service? 



 

 

Thanks in advance,
Douglas 

 

6 Replies
The only way to end up with "unified GAL" in this scenario is to move all users to a single O365 tenant. Alternatively, you can use third-party "galsync" tools, as AAD Connect only synchronizes from on-prem to Azure AD.

As for free/busy sharing, org relationships are the way to go: https://docs.microsoft.com/en-us/exchange/sharing/sharing

@Vasil Michev, thanks for your reply.

Could you please clarify "move users to a single tenant"?

The suggested solution is a single O365 tenant with two domains (cars.com and bikes.com) as bikes.com will keep its domain. Cars.com is already configured as an Exchange hybrid and now they want to merge bikes.com into the already existing tenant.

To get a unified GAL, will an AADConnect write-back sync suffice or does bikes.com also need to be an Exchange hybrid? 

Thanks, Douglas

Writeback doesn't cover recipient objects, so objects created directly in O365 will not be visible on-premises. The only way to see all recipients across both domains will be when using an O365 account and only if both domains are in a single tenant. Or you can use third-party "galsync" products to create matching entries on-premises. PowerShell is also an option, if you feel up to it.
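The PowerShell route mentioned in the reply above, sketched as an added example that is not part of the original thread or any poster's code: export mailbox users from the bikes.com forest and mirror them as tagged mail contacts in the cars.com on-premises GAL. The CSV path, target OU, tag value and function names are assumptions; run each function in the Exchange Management Shell of the forest named in its comment.

```powershell
# Assumed values (not from the thread): adjust to your environment.
$CsvPath  = 'C:\GalSync\bikes-recipients.csv'
$TargetOU = 'cars.com/GalSync/Bikes'      # dedicated OU so synced contacts stay isolated
$Tag      = 'GalSync-bikes'               # marks contacts this script owns

# Part 1: run in the SOURCE forest (bikes.com). Hypothetical helper name.
function Export-GalRecipients {
    Get-Recipient -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
        Where-Object { -not $_.HiddenFromAddressListsEnabled } |
        Select-Object DisplayName, @{ n = 'Smtp'; e = { $_.PrimarySmtpAddress.ToString() } } |
        Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
}

# Part 2: run in the TARGET forest (cars.com). Hypothetical helper name.
function Import-GalContacts {
    $wanted = @{}
    foreach ($r in (Import-Csv -Path $CsvPath)) { $wanted[$r.Smtp.ToLower()] = $r }

    # Refuse to continue on an empty export, otherwise every owned contact would be deleted.
    if ($wanted.Count -eq 0) { throw "Export '$CsvPath' is empty; aborting." }

    # Index only the contacts this script created earlier, keyed by external address.
    $existing = @{}
    Get-MailContact -ResultSize Unlimited -Filter "CustomAttribute1 -eq '$Tag'" |
        ForEach-Object {
            $addr = $_.ExternalEmailAddress.ToString() -replace '^SMTP:', ''
            $existing[$addr.ToLower()] = $_
        }

    # Create contacts that are missing in the target GAL and tag them.
    foreach ($addr in $wanted.Keys) {
        if (-not $existing.ContainsKey($addr)) {
            New-MailContact -Name $wanted[$addr].DisplayName `
                            -ExternalEmailAddress $addr `
                            -OrganizationalUnit $TargetOU |
                Set-MailContact -CustomAttribute1 $Tag
        }
    }

    # Remove owned contacts whose source mailbox no longer exists (e.g. leavers).
    foreach ($addr in $existing.Keys) {
        if (-not $wanted.ContainsKey($addr)) {
            Remove-MailContact -Identity $existing[$addr].Identity -Confirm:$false
        }
    }
}
```

Restricting deletes to contacts carrying the tag keeps the script from touching mail contacts that administrators created by hand, and the account running Part 2 only needs recipient-management rights scoped to the dedicated OU.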

OK, but both domains (forests) will join the same tenant ("cars.com" already is with a majority of their mailboxes in EOL) and optionally "bikes.com" will be configured as a hybrid. Without a 3rd party tool, will on-prem users from each forest not be able to see users from the other forest in GAL?

best response confirmed by Douglas Hamilton (Occasional Contributor)
Solution
They will not, as they'll be getting the on-premises GAL.
Thank you Vasil for your input.

/Douglas