I was hoping that I could get a bit of guidance to the challenge I have.
We are an established Office365 customer with SSO with ADFS, for the purpose of this we are using the email address @companya.com
Our organisation recently acquired another organisation, who are an existing Office365 customer on a seperate tenant and active directory domain. For the purpose of this, the email address is @anothercompany.com. They also have a sizeable sharepoint online and yammer content environment. Again they are setup with SSO with ADFS
The management team have set us the following challenge.
Migrate email services only from @anothercompany.com firstname.lastname@example.org, leaving sharepoint and yammer on the existing environment.
Retain the existing Active Directory domain and user accounts, these are to be used to access the email accounts setup in @companya.com tenancy
Also used to access the retained content in the @anothercompany.com tenancy
I cannot see how this is possible and would appreciate if there are any pointers or guidance that I could be given. I have carried out previous migrations from onpremise and office365 tenancy migrations, but as of yet I have not come across the above requirements and through the investigations I have carried out I cannot see a possible solution for this.
I think that the biggest problem is the authentication part. There are many ways to migrate emails after that is sorted out so I'll skip that part for now.
The scenario you mentioned is possible, here are the steps. For clarity, I use TenantA and TenantB.
You need move the @anothercompany.com domain from TenantB to TenantA
Register a new domainname to TenantB, such as @cloud.anothercompany.com
Modify the Azure AD Connect (aka directory sync) synchronization rules so that users' UPN is synced as @cloud.anothercompany.com instead of @anothercompany.com
You may need to manually change existing users' UPNs to the new one (a PowerShell script will do) in cloud, don't forget the groups (although they do not matter).
Remove the domain from TenantB and add & verify it in the TenantA
Configure Azure AD Connect of TenantA
Add all email aliases to proxyAddresses attribute for @anothercompany.com users in their AD.
Add a new forest to Azure AD Connect (@anothercompany.com) of TenantA
Modify the Azure AD Connect rules so that @anothercompany.com users' UPN is synced as @companya.com (OR leave it as is)
That should do it. Now the @anothercompany.com users can login to TenantA using @companya.com email address (OR @anothercompany.com) and to TenantB using @cloud.anothercompany.com.
Please note that in this scenario there are two Azure AD Connect instances syncing the same on-premise AD (original @anothercompany.com) to the cloud, which is not officially supported scenario. However, as long as nothing is written back from TenantB everything should be okay.