May 18 2018 12:11 AM
Hi folks,
I have the following scenario and I'd love to hear your feedback.
- The organization has two entities, let's say A and B
- Two domains. Entity A has @abc.com and entity B has @cde.com
- Both entities share the same domain for email only. So an A user and a B user would have A@abc.com and B@abc.com
- Every entity has its own AD. However, B users have two identities because entity A manages Exchange for the whole organization. So a B user would have an identity in entity A's AD (let's say, B@abc.com for email) and another identity in B's AD (B@cde.com to sign in to corporate apps)
- Entity B already has an SSO solution (Apereo CAS) that they'd like to keep and manage themselves, only for their users
The customer needs to migrate to office 365, my questions are:
- AD connect recommended topology, how should we sync users? Should we use email as UPN? (SSO would not work because it requires different domains to distinguish users from A and B)
- If we add the two domains, abc.com and cde.com, can a B user log in with their AD credentials B@cde.com but have a different email address B@abc.com? There would be only a hybrid Exchange server, which is managed by the A entity. What configuration could work?
- Other considerations
- I have attached a picture, if it helps. :)
May 21 2018 04:10 AM
- AD connect recommended topology, how should we sync users? Should we use email as UPN? (SSO would not work because it requires different domains to distinguish users from A and B)
SSO will not work regardless, as UPNs need to exist and be authenticated in a single domain.
- If we add the two domains, abc.com and cde.com, can a B user log in with their AD credentials B@cde.com but have a different email address B@abc.com? There would be only a hybrid Exchange server, which is managed by the A entity. What configuration could work?
Yes, that is fine, as you just add both domains to AADC. If the users' UPNs are different and there is a trust between the domains, then SSO will work.
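As an added illustration (not code from this thread or from Microsoft): a PowerShell pre-sync check that reports users whose UPN suffix or mail domain is not one of the tenant's verified domains, or whose sign-in UPN and mail domains differ, as in the B@cde.com / B@abc.com case above. The user list and the verified-domain list are constructed samples; the real inputs would come from Get-ADUser and the domains verified in the tenant.

```powershell
# Added example, not from the thread. Constructed inputs; for a real run, replace $Users with
#   Get-ADUser -Filter * -Properties userPrincipalName, mail | Select-Object userPrincipalName, mail
# and $VerifiedDomains with the list of domains verified in the Office 365 tenant.

$VerifiedDomains = @('abc.com', 'cde.com')   # assumption: both domains verified in the tenant

# Constructed sample users reflecting the scenario in the thread
$Users = @(
    [pscustomobject]@{ userPrincipalName = 'A@abc.com';    mail = 'A@abc.com' },
    [pscustomobject]@{ userPrincipalName = 'B@cde.com';    mail = 'B@abc.com' },
    [pscustomobject]@{ userPrincipalName = 'C@corp.local'; mail = 'C@abc.com' },
    [pscustomobject]@{ userPrincipalName = $null;          mail = 'D@abc.com' }
)

function Get-DomainPart {
    param([string]$Address)
    if ([string]::IsNullOrWhiteSpace($Address) -or $Address -notmatch '@') { return $null }
    return $Address.Split('@')[-1].ToLowerInvariant()
}

function Test-SyncReadiness {
    param(
        [Parameter(Mandatory)] [object[]]$Users,
        [Parameter(Mandatory)] [string[]]$VerifiedDomains
    )
    foreach ($u in $Users) {
        $upnDomain  = Get-DomainPart $u.userPrincipalName
        $mailDomain = Get-DomainPart $u.mail
        $issues = @()
        if (-not $upnDomain) {
            $issues += 'missing or malformed UPN'
        } elseif ($VerifiedDomains -notcontains $upnDomain) {
            # An unverified UPN suffix is rewritten to the tenant's .onmicrosoft.com domain on sync
            $issues += "UPN suffix '$upnDomain' is not a verified domain"
        }
        if ($mailDomain -and $VerifiedDomains -notcontains $mailDomain) {
            $issues += "mail domain '$mailDomain' is not verified"
        }
        if ($upnDomain -and $mailDomain -and $upnDomain -ne $mailDomain) {
            # Expected for B users (sign in with cde.com, mail on abc.com); flagged so it is reviewed, not blocked
            $issues += "UPN domain ($upnDomain) differs from mail domain ($mailDomain)"
        }
        [pscustomobject]@{
            UserPrincipalName = $u.userPrincipalName
            Mail              = $u.mail
            Issues            = ($issues -join '; ')
        }
    }
}

Test-SyncReadiness -Users $Users -VerifiedDomains $VerifiedDomains | Format-Table -AutoSize
```

The UPN/mail mismatch row is informational: it is the normal state for B users in this design, and the point of listing it is to confirm those users sign in with the UPN rather than the email address.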