Windows AD identities synced to another Azure AD tenant


We have user identities in an on-prem Windows Server AD that are synced to an Azure AD tenant called tenantA.onmicrosoft.com. However, we manage our infrastructure in another Azure AD tenant called tenantB.onmicrosoft.com. Because our backend systems are in that tenant, we need to deploy WVD in tenantB. A prerequisite of WVD is that user identities are synced to the Azure AD of tenantB and that the user SIDs need to match.

From this article (https://docs.microsoft.com/nl-nl/azure/active-directory/hybrid/plan-connect-topologies) I understand that Microsoft does not support syncing user identities with more than 1 Azure AD. Is that indeed the case and if so, is there some kind of solution for this? For more insight see this picture (AD-sync-anonymous.png).

1 Reply
I had the same concern: the Azure subscription where my host pools will be located was in another Azure AD tenant, and my users with licenses are in a different Azure AD tenant.

It is nowhere mentioned that I should sync the user into the tenant where my host pools are located.

I had raised the same question before in the forum and then I tried this myself. Everything works fine.

https://techcommunity.microsoft.com/t5/Windows-Virtual-Desktop/Azure-AD-tenant-is-different-and-Azur...

@Marcel A' Campo
