
Windows AD identities synced to another Azure AD tenant

Marcel A' Campo

We have user identities in an on-prem Windows Server AD that are synced to an Azure AD tenant called tenantA.onmicrosoft.com. However, we manage our infrastructure in another Azure AD tenant called tenantB.onmicrosoft.com. Because our backend systems are in that tenant, we need to deploy WVD in tenantB. A prerequisite of WVD is that user identities are synced to the Azure AD of tenantB and that the user SIDs need to match.

From this article (https://docs.microsoft.com/nl-nl/azure/active-directory/hybrid/plan-connect-topologies) I understand that Microsoft does not support syncing user identities with more than 1 Azure AD. Is that indeed the case and, if so, is there some kind of solution for this? For more insight see this picture: AD-sync-anonymous.png

1 Reply

I was having the same concern: the Azure subscription where my host pools will be located was in another Azure AD tenant, and my users with licenses are in a different Azure AD tenant.

It is nowhere mentioned that I should sync the user to the tenant where my host pools are located.

 

I had raised the same question before in the forum and then I tried this myself. Everything works fine.

 

https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/Azure-AD-tenant-is-different-and-Azur...

 

@Marcel A' Campo 
