Office 365 authentication with single tenant and multiple forests without AD trusts
Hi,
We have the following situation:
- 3 dedicated forests
- 1 Office 365 tenant
- AD trusts are not possible because of duplicated NETBIOS names
I know that we can use Azure AD Connect (1 instance) for all 3 domains without trusts, but what about authentication? As far as I know AD FS and Pass-Through Authentication need AD trusts between the forests? What possible authentication scenarios are available for that environment (without AD trusts)?
Kind regards
Patrick
9 Replies
- Pablo R. Ortiz (Iron Contributor)
If you cannot establish trusts between your forests then you will have to federate them separately, deploying different ADFS for each forest. After that you can establish different trusts with Azure AD:
- Patrick B (Brass Contributor)
Hi,
Thanks for your reply. That sounds good. Do you know if it is also working with Pass-Through Authentication?
Kind regards
Patrick
- Pablo R. Ortiz (Iron Contributor)
No, sorry. Pass-through authentication requires Trust between your forests.