Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

AAD Connect - Object matching across forests, post-installation

Copper Contributor

We would like to connect a second resource forest to our instance of AAD Connect.  This forest is used a Skype resource forest with disabled users populated with the necessary Skype attributes with the goal of hybrid enablement.

 

During the initial setup of AAD Connect, there is the option for "Uniquely identifying your users".  However, this screen is not available during a re-run of the AAD config once it was been installed.  Is it possible post-installation to define a custom attribute to match users existing more than once across forests?  Is retroactive object matching possible or do we need to re-install AAD Connect, and recreate the metaverse and connectors once again? 

 

Additionally, we plan to use a custom attribute which is also our chosen ImmutableID and is written to both user objects through our identity provisioning system.  Do you see any issues using this attribute for the matching or would another be preferred in a Skype hybrid scenario?

1 Reply

Hey Keith,

Not sure I can answer all of your questions, but hopefully I can help the conversation along some.

 

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologi...

That link goes over all the supported topologies. The good news is what you are describing is in there in two different forms (all under the multiple forest match users settings). As long as your users only have one active account (which your description points out) this should work.

 

The bad news is that it seems to match pre-defined the attributes for you to use as either Mail or ObjectSid/an exchangeSid.

I would read into those topologies more, and with that as a starting point I am sure you can get more details, or perhaps someone smarter than me to help you here! :)


Finally yes, you want to re-install AADC as your are changing your topology and design, not modifying your existing one.

 

Adam