Multiple on-prem forests same UPN? (Pass-Through Authentication)

%3CLINGO-SUB%20id%3D%22lingo-sub-1010879%22%20slang%3D%22en-US%22%3EMultiple%20on-prem%20forests%20same%20UPN%3F%20(Pass-Through%20Authentication)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1010879%22%20slang%3D%22en-US%22%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3EHi!%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%3CBR%20%2F%3EI%20have%20a%20customer%20case%20where%20there%20are%20multiple%20on-premises%20AD%20that%20currently%20synchronize%20to%20one%20Office365%20tenant.%3CBR%20%2F%3E%3CBR%20%2F%3EToday%20they%20use%20different%20UPN%20for%20each%20AD%20bubble%2C%20but%20moving%20forward%20they%20want%20to%20use%20the%20same%20UPN%20across%20all%20these%20AD%20bubbles.%20(Domain%20consolidation%20is%20not%20an%20option)%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%3CBR%20%2F%3EI%20know%20this%20is%20technically%20possible%20by%20adding%20the%20Domain%20Suffix%20in%20question%20in%20each%20AD%20bubble%20under%20%22Domain%20and%20Trust%22%20settings.%20However%20i%20wonder%20if%20there%20will%20be%20any%20issues%20with%20this%20type%20of%20setup%3F%20Any%20things%20to%20consider%3F%20Will%20SSO%20work%3F%20Is%20this%20even%20possible%20with%20Pass-Through%20Authentication%3F%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3E%3CBR%20%2F%3EIf%20anyone%20has%20tried%20this%20before%20please%20let%20me%20know%20what%20pitfalls%20you%20might%20have%20encountered.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%20class%3D%22_1qeIAgB0cPwnLhDF9XSiJM%22%3EThanks%20in%20advance!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1010879%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAD-Connect%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn-Premises%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPass-Through%20Authentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EProPlus%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Visitor

Hi!


I have a customer case where there are multiple on-premises AD that currently synchronize to one Office365 tenant.

Today they use different UPN for each AD bubble, but moving forward they want to use the same UPN across all these AD bubbles. (Domain consolidation is not an option)


I know this is technically possible by adding the Domain Suffix in question in each AD bubble under "Domain and Trust" settings. However i wonder if there will be any issues with this type of setup? Any things to consider? Will SSO work? Is this even possible with Pass-Through Authentication?


If anyone has tried this before please let me know what pitfalls you might have encountered.

Thanks in advance!