Hey Guys,
Quick question here. If we have the following:
1) Multiple AD Forests, Multiple Domains (in each forest)
2) Single Azure Tenant, want to sync objects from each of forest
3) Single Instance of AD Connect
This portion of this document: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-fore...
When you have multiple forests, all forests must be reachable by a single Azure AD Connect sync server. The server must be joined to a domain. If necessary to reach all forests, you can place the server in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet).
I really want to make sure i understand that, am I supposed to join the the AD Connect Server to a single forest/domain and then add the other forests when i am doing my custom configuration? if so which forest?
I was always under the impression that when connecting to multiple AD forests, you should NOT join the AD Connect server to ANY domain and just add the other forests, domains as needed, using their respective credentials.
Thanks,
Robert
