Multi-Forest AAD Connect (Office 365) to New Azure AD tenant-Office 365 Tenant


Hello Experts,

Looking for your expertise on the following scenario:

We have two on-premises Active Directory forests with separate Azure tenants (Office 365):

1. Forest A.Com --> AD Connect --> Azure AD (O365 Tenant A)

2. Forest B.Com --> AD Connect --> Azure AD (O365 Tenant B)

Now, we want to consolidate both Azure AD tenants (O365 Tenant A and Tenant B) into a single tenant called "Tenant C", but the on-premises AD DS will remain the same.

We can go with the "Multiple forests, separate topologies" scenario in the post below:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests-separate-topologies

But at the same time we have to migrate the mailboxes from Tenant A and Tenant B to Tenant C.

Here are the steps we are planning:

  1. We can do an initial sync Forest A --> AAD Sync --> Azure AD Tenant C (for creating the users in Tenant C). "The UPNs of the users in the on-premises Active Directory instance must also use separate namespaces"
  2. Use the 3rd-party tool to move mailboxes from Tenant A to Tenant C (to map the UPN) - Stage-Sync (95%)
  3. Same process for Forest B and Tenant B.
  4. Configure AAD Connect (multi-forest A & B) to Azure AD Tenant C and start sync (overnight/weekend), matching the namespace.
  5. Cut over the mailbox migration to Tenant C
  6. Remove the Azure AD Tenant A and Tenant B from AAD Connect

 

Your expertise in correcting me on this will be highly appreciated.

Thank you!

2 Replies
I believe it looks ok as long as you keep the namespaces separate! You’re not doing any domain migrations?
Yes, we are not doing any domain migration.
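
A pre-flight check for the "keep the namespaces separate" condition discussed in this thread, as an added example that is not part of the original posts. It goes slightly beyond UPNs by also checking proxy addresses, since both must be unique within one Azure AD tenant. The user lists, the function name Test-NamespaceSeparation and the sample values are constructed for illustration.

```powershell
# Constructed sample data. In a real run each list would be read from that
# forest's directory (for example Get-ADUser -Filter * -Properties proxyAddresses).
$forestA = @(
    [pscustomobject]@{ Forest = 'A.com'; UserPrincipalName = 'alice@a.com'; ProxyAddresses = @('SMTP:alice@a.com') }
    [pscustomobject]@{ Forest = 'A.com'; UserPrincipalName = 'bob@a.com'; ProxyAddresses = @('SMTP:bob@a.com', 'smtp:bob@b.com') }
)
$forestB = @(
    [pscustomobject]@{ Forest = 'B.com'; UserPrincipalName = 'bob@b.com'; ProxyAddresses = @('SMTP:bob@b.com') }
    [pscustomobject]@{ Forest = 'B.com'; UserPrincipalName = 'carol@a.com'; ProxyAddresses = @('SMTP:carol@b.com') }
)

# Hypothetical helper: reports UPN suffixes used by more than one forest and
# addresses (UPN or proxy address) that more than one user would claim in Tenant C.
function Test-NamespaceSeparation {
    param([object[]]$Users)

    $suffixForests = @{}   # UPN suffix -> set of forests that use it
    $claims = @()          # one row per (address, owning user)
    foreach ($u in $Users) {
        $upn = $u.UserPrincipalName.ToLowerInvariant()
        $suffix = $upn.Substring($upn.LastIndexOf('@') + 1)
        if (-not $suffixForests.ContainsKey($suffix)) {
            $suffixForests[$suffix] = [System.Collections.Generic.HashSet[string]]::new()
        }
        [void]$suffixForests[$suffix].Add($u.Forest)

        # Strip the SMTP:/smtp: prefix so primary and secondary addresses compare equal.
        $proxies = $u.ProxyAddresses | Where-Object { $_ } |
            ForEach-Object { ($_ -replace '^smtp:', '').ToLowerInvariant() }
        foreach ($a in (@($upn) + @($proxies) | Select-Object -Unique)) {
            $claims += [pscustomobject]@{ Address = $a; Owner = "$($u.Forest)\$upn" }
        }
    }

    [pscustomobject]@{
        SharedSuffixes   = @($suffixForests.GetEnumerator() |
            Where-Object { $_.Value.Count -gt 1 } | ForEach-Object { $_.Key })
        AddressConflicts = @($claims | Group-Object Address | Where-Object { $_.Count -gt 1 } |
            ForEach-Object { [pscustomobject]@{ Address = $_.Name; Owners = $_.Group.Owner } })
    }
}

$result = Test-NamespaceSeparation -Users ($forestA + $forestB)
$result.SharedSuffixes                               # suffixes present in both forests
$result.AddressConflicts | Format-Table -AutoSize    # addresses claimed by two users
```

With the constructed data, the suffix a.com shows up in both forests and bob@b.com is claimed by a user in each forest; both findings would need resolving before step 4 of the plan.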