Office 365 \ Exchange Hybrid Multiple Forest Domains. Reduce 2 AD accounts into 1 AD account.

%3CLINGO-SUB%20id%3D%22lingo-sub-319218%22%20slang%3D%22en-US%22%3EOffice%20365%20%5C%20Exchange%20Hybrid%20Multiple%20Forest%20Domains.%20Reduce%202%20AD%20accounts%20into%201%20AD%20account.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-319218%22%20slang%3D%22en-US%22%3E%3CP%3ECompany%20A%20have%20an%20Exchange%202016%20%2F%20Office%20365%20hybrid%20setup.%20This%20has%20been%20in%20place%20now%20for%20about%204%20years.%20All%20mailboxes%20are%20migrated%20to%20Office%20365.%20The%20admin%20of%20these%20mailboxes%20is%20still%20done%20via%20the%20local%20Exchange%20servers%20Exchange%20Management%20Console%20and%20synched%20via%20AD%20Connect.%20Since%20creating%20this%20hybrid%20setup%2C%20Company%20A%20has%20purchased%20Company%20B%20which%20we%20have%20added%20to%20the%20hybrid%20setup.%20Company%20B%20has%20kept%20their%20own%20domains%20but%20have%20used%20our%20hybrid%20setup%20for%20email%20using%20the%20Office%20365%20%2F%20Hybrid%20system.%20So%20Company%20B%20have%20their%20own%20domain%20completely%20separate%20to%20ours%20but%20also%20use%20another%20AD%20user%20account%20in%20Company%20A%E2%80%99s%20hybrid%20setup%20for%20Office%20365%20email%20accounts.%3C%2FP%3E%3CP%3EWhat%20we%20want%20to%20do%20is%20have%20Company%20B%20keep%20their%20own%20domain%20and%20users%20but%20have%20it%20connect%20via%20AD%20Connect%20to%20our%20Office%20365%20%2F%20Hybrid%20setup%20but%20not%20use%20Company%20A%E2%80%99s%20AD%20domain%20%2F%20user%20accounts.%20I%20know%20this%20can%20be%20done%20using%20one%20AD%20Connect%20server%20(as%20we%20already%20have)%20and%20connecting%20the%20other%20Company%20B%20AD%20forest%20to%20it.%20What%20I%20want%20to%20know%20is%20there%20an%20easy%20way%20for%20the%20Company%20B%20AD%20accounts%20to%20overwrite%20the%20secondary%20Company%20A%20accounts%20they%20are%20also%20currently%20using%20and%20keep%20the%20email%20accounts%20etc%3F%3C%2FP%3E%3CP%3ESo%20use%20their%20current%20Company%20B%20AD%20account%20and%20somehow%20attach%20their%20current%20company%20A%20Office%20365%20email%20mailbox%20to%20it%20while%20deleting%20the%20Company%20A%20AD%20account.%3C%2FP%3E%3CP%3EHope%20this%20all%20makes%20sense%20%3Asmiling_face_with_smiling_eyes%3A%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-319218%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMigration%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%20Groups%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn-Premises%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-319676%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20%5C%20Exchange%20Hybrid%20Multiple%20Forest%20Domains.%20Reduce%202%20AD%20accounts%20into%201%20AD%20account.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-319676%22%20slang%3D%22en-US%22%3EBe%20advised%20that%20this%20HardMatch%20might%20no%20longer%20work%20as%20from%20newer%20AAD%20Connect%20versions%20the%20default%20source%20anchor%20for%20matching%20up%20accounts%20is%20the%20ms-ds-consistency-guid%20%3A)%3C%2Fimg%3E%20%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Flatam%2F2018%2F03%2F27%2Fusing-the-consistencyguid%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Flatam%2F2018%2F03%2F27%2Fusing-the-consistencyguid%3C%2FA%3E%2F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-319233%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20%5C%20Exchange%20Hybrid%20Multiple%20Forest%20Domains.%20Reduce%202%20AD%20accounts%20into%201%20AD%20account.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-319233%22%20slang%3D%22en-US%22%3E%3CP%3ESome%20form%20of%20soft%2Fhard-matching%20should%20do%20the%20trick%2C%20although%20it's%20probably%20easier%20to%20just%20collapse%20the%20two%20domains%2Fforests%20into%20a%20single%20one.%20Here's%20a%20sample%20article%20describing%20the%20hard-match%20method%3A%20%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fpraveenkumar%2F2014%2F04%2F11%2Fhow-to-do-hard-match-in-dirsync%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fpraveenkumar%2F2014%2F04%2F11%2Fhow-to-do-hard-match-in-dirsync%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Company A have an Exchange 2016 / Office 365 hybrid setup. This has been in place now for about 4 years. All mailboxes are migrated to Office 365. The admin of these mailboxes is still done via the local Exchange servers Exchange Management Console and synched via AD Connect. Since creating this hybrid setup, Company A has purchased Company B which we have added to the hybrid setup. Company B has kept their own domains but have used our hybrid setup for email using the Office 365 / Hybrid system. So Company B have their own domain completely separate to ours but also use another AD user account in Company A’s hybrid setup for Office 365 email accounts.

What we want to do is have Company B keep their own domain and users but have it connect via AD Connect to our Office 365 / Hybrid setup but not use Company A’s AD domain / user accounts. I know this can be done using one AD Connect server (as we already have) and connecting the other Company B AD forest to it. What I want to know is there an easy way for the Company B AD accounts to overwrite the secondary Company A accounts they are also currently using and keep the email accounts etc?

So use their current Company B AD account and somehow attach their current company A Office 365 email mailbox to it while deleting the Company A AD account.

Hope this all makes sense :smiling_face_with_smiling_eyes:

2 Replies
Highlighted

Some form of soft/hard-matching should do the trick, although it's probably easier to just collapse the two domains/forests into a single one. Here's a sample article describing the hard-match method: https://blogs.technet.microsoft.com/praveenkumar/2014/04/11/how-to-do-hard-match-in-dirsync/

Highlighted
Be advised that this HardMatch might no longer work as from newer AAD Connect versions the default source anchor for matching up accounts is the ms-ds-consistency-guid :) :smiling_face_with_smiling_eyes:https://blogs.technet.microsoft.com/latam/2018/03/27/using-the-consistencyguid/