cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Mix Password Sync and ADFS - multiple Forests

Michael Obernberger
Brass Contributor

‎Nov 09 2017 10:45 AM - last edited on ‎Feb 10 2023 02:26 PM by

‎Nov 09 2017 10:45 AM - last edited on ‎Feb 10 2023 02:26 PM by

Mix Password Sync and ADFS - multiple Forests

Hi,

we have an Office 365 tenant configured with Password Sync and Single Sign On enabled, which works fine.

Now we want to integrate a child company with a new forest which should work with AD Connect. The child company is already having an Office 365 with ADFS enabled.

So now my question is, when I add the new forest to our AD Connect server, could I configure the different domain to work with existing ADFS infrastructure and leave our domain on Password sync configured?

Thanks,

Michael

2,056 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by Michael Obernberger (Brass Contributor)
Joe Stocker

‎Nov 09 2017 04:41 PM

‎Nov 09 2017 04:41 PM

Solution

Re: Mix Password Sync and ADFS - multiple Forests

@Michael Obernberger wrote:

"The child company is already having an Office 365 with ADFS enabled"

"So now my question is, when I add the new forest to our AD Connect server..."

Stop right there =)  If the new company you acquired or have already has their own separate AD Tenant, you cannot add their forest into your Azure AD Connect. That is an unsupported Azure AD Connect topology. See this article for more information:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologi...

However, once you remove all their user objects from their O365 tenant, and you remove their domain name from their tenant and move it to your tenant, THEN, and only then, can you accomplish what you were hoping for .. YES, you can federate their domain name with their existing ADFS forest, pointing all that to your tenant.

If you have not done this before, you should work with a Microsoft Partner to help you.

 

0 Likes
Reply
Michael Obernberger

‎Nov 09 2017 08:52 PM

‎Nov 09 2017 08:52 PM

Re: Mix Password Sync and ADFS - multiple Forests

Thanks Joe, that was the response I was looking for.

 

Michael

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by Michael Obernberger (Brass Contributor)
Joe Stocker

‎Nov 09 2017 04:41 PM

‎Nov 09 2017 04:41 PM

Solution

Re: Mix Password Sync and ADFS - multiple Forests

@Michael Obernberger wrote:

"The child company is already having an Office 365 with ADFS enabled"

"So now my question is, when I add the new forest to our AD Connect server..."

Stop right there =)  If the new company you acquired or have already has their own separate AD Tenant, you cannot add their forest into your Azure AD Connect. That is an unsupported Azure AD Connect topology. See this article for more information:

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologi...

However, once you remove all their user objects from their O365 tenant, and you remove their domain name from their tenant and move it to your tenant, THEN, and only then, can you accomplish what you were hoping for .. YES, you can federate their domain name with their existing ADFS forest, pointing all that to your tenant.

If you have not done this before, you should work with a Microsoft Partner to help you.

 

View solution in original post

0 Likes
Reply