Forum Discussion

Off2w0rk's avatar
Off2w0rk
Brass Contributor
Aug 22, 2017
Solved

Two different domains in one Office 365 tenant

Hi all,   Our scenario is the following:   CompanyA has on-premise AD and Exchange. They have deployed Azure AD Connect and ADFS with their own Azure tenant and everything is working fine.   Co...
exchange
hybrid
office 365
On-Premises
  • Dominik Hoefling's avatar
    Dominik Hoefling
    Aug 22, 2017

    Hi,

     

    There can be only one Azure AD Connect instance for a single Azure tenant. This means, you have to use one AAD Connect instance for both companies, if you want to go single tenant.

     

    Azure AD Connect supports connecting multiple forests to a single Azure AD tenant. A server that runs Azure AD Connect does not have to be joined to any domain locally, however, it must be able to access domain controllers in both forests.

     

    In some cases, you can choose to place the Azure AD Connect server in a  (DMZ), especially if you do not have a direct network connection to all forests that you would like to include in the synchronization.

     

    If you need more information, you probable should tell what is your goal and how both companies must work together.

     

Off2w0rk's avatar
Off2w0rk
Brass Contributor
Feb 14, 2018

1 and 2 is a no go, since companyC has to be owned by one of the companies and you cannot share UPN domain with multiple forest in a trust..not 100% sure.

3 is yes, CompanyA and company be has trust and communuications to each other. Azure AD connect is setup in the domain that is setup for O365. Same azure ad connect can sync users from the other domain. They will then share same tenancy., this is called multiple forest : https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologies

Both Domains should have own Exchange on-premise in hybrid setup, since linked mailboxes is not supported in O365.

Mark Rioux's avatar
Mark Rioux
Copper Contributor
May 22, 2018

Hi Off2w0rk, were you able to successfully federate two different domains/companies to one O365 Tenant? 

 

We have it where we have a longterm partnership with a company that has their own O365 Tenant and AD On Prem Environment. 

 

But want to add their domain to our O365 only/ (not our on Prem) From reading this forum, you are able to use Azure AD Connect and add the other company from there?

 

And they would be able to still access their tenant and our tenant?

 

 

 

 

  • Off2w0rk's avatar
    Off2w0rk
    Brass Contributor
    May 22, 2018

    Hi Mark,

     

    yes we ended up with full trust between on-premises AD and used Azure AD Connect to Sync both AD to O365.

    Please look at supported topologies for Azure AD Connect here:

    https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-topologies

     

    Can you describe the part where you want to add their domain only to your O365?

    What kind of collaboration are you looking for?

    For you, I think B2B is the best option, then you don't need to have any On-premises AD trust.

    More info here: https://docs.microsoft.com/en-us/azure/active-directory/b2b/what-is-b2b