Forum Discussion
Replace multi forest on prem ADs with AAD
Hello,
I searched for this on the internet many times but I couldn't find a solid answer. My problem is:
We have on-prem DCs in three countries (US, Sweden, UK)
All three have their own forests, not replicated or synced to each other, with no link at all.
Each DC has 500+ user profiles
We are planning to completely get rid of the on-prem ADs in the three locations, use AAD, and merge all three locations. We are not concerned about GPOs and the other things the on-prem AD has. We only need authentication from a single location, access to O365, and no physical servers. That's all.
My plan is to sync all three servers using Azure AD Connect to the same Azure tenant. Once everything is synced, use them in one domain. Maybe it sounds stupid, but is it possible?
Thank you in advance.
- Thijs Lecomte, Bronze Contributor
Hi DNM0288,
This is certainly possible!
One thing to keep in mind is that there can only be one active AADC per tenant.
To replicate multiple AD forests to one tenant, you need to get a trust between the three different tenants. Check this link for more information: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-forests-single-azure-ad-tenant
This can't be done without a trust.
Once this has been set up, all users will be enabled in Azure Active Directory and will authenticate to a single tenant.
If you have any more questions, don't hesitate to reply 🙂
- rosaliod, Brass Contributor
This is correct, you can only have one AAD Connect server syncing to an AAD tenant at any given time. However, you don't need a trust between forests. The AAD Connect server needs to be able to communicate with the other three forests, so a VPN or another method of connectivity is needed.
https://docs.microsoft.com/en-us/skypeforbusiness/hybrid/cloud-consolidation-aad-connect
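The two replies agree on the practical constraint: a single AAD Connect server that can reach every forest, and a user population that can be merged into one tenant without attribute collisions. The pre-flight check below is an added example, not code from the thread or from Microsoft's documentation. It assumes the RSAT ActiveDirectory module is installed on the AAD Connect server, that the server already has network reach to a DC in each forest, and that the three forest and DC names are hypothetical placeholders for the real ones. It tests LDAP/LDAPS reachability to each forest, then reports values of UserPrincipalName, mail and proxyAddresses that occur in more than one forest, since those are the attributes that must be unique across the whole tenant when three unrelated forests are synced into it, and it lists the UPN suffixes in use so they can be compared against the tenant's verified domains before the first sync.

```powershell
# Added pre-flight check for a multi-forest -> single-tenant AAD Connect deployment.
# Not from the original thread. Forest and DC names are hypothetical; replace them.
# Requires RSAT ActiveDirectory module on the AAD Connect server. Read-only: it only queries.
Import-Module ActiveDirectory

$forests = @(
    @{ Name = 'us.example.com'; Dc = 'dc1.us.example.com' },  # hypothetical
    @{ Name = 'se.example.com'; Dc = 'dc1.se.example.com' },  # hypothetical
    @{ Name = 'uk.example.com'; Dc = 'dc1.uk.example.com' }   # hypothetical
)

# 1. Connectivity: AAD Connect reads each forest over LDAP (389) or LDAPS (636).
#    A forest that fails here cannot be added as a connected directory.
foreach ($f in $forests) {
    foreach ($port in 389, 636) {
        $r = Test-NetConnection -ComputerName $f.Dc -Port $port -WarningAction SilentlyContinue
        '{0}:{1} reachable={2}' -f $f.Dc, $port, $r.TcpTestSucceeded
    }
}

# 2. Pull enabled users from each forest. -Server points at a DC in that forest,
#    so no trust is needed, only network reach and a credential the DC accepts.
$users = foreach ($f in $forests) {
    Get-ADUser -Server $f.Dc -Filter 'Enabled -eq $true' `
        -Properties mail, proxyAddresses, userPrincipalName |
        Select-Object @{ n = 'Forest'; e = { $f.Name } },
                      SamAccountName, UserPrincipalName, mail, proxyAddresses
}
'Users collected: {0}' -f $users.Count

# 3. Single-valued attributes that must be unique tenant-wide. A collision that
#    lives in another forest only surfaces as a sync error after the first run,
#    so find it before the run.
foreach ($attr in 'UserPrincipalName', 'mail') {
    $users | Where-Object { $_.$attr } |
        Group-Object { $_.$attr.ToLower() } | Where-Object Count -gt 1 |
        ForEach-Object {
            "DUPLICATE $attr '$($_.Name)' in forests: $(($_.Group.Forest | Sort-Object -Unique) -join ', ')"
        }
}

# 4. proxyAddresses is multi-valued; flatten to one row per address, then group.
$users | ForEach-Object {
    $u = $_
    foreach ($addr in $u.proxyAddresses) {
        [pscustomobject]@{ Addr = $addr.ToLower(); Forest = $u.Forest; Sam = $u.SamAccountName }
    }
} | Group-Object Addr | Where-Object Count -gt 1 | ForEach-Object {
    "DUPLICATE proxyAddress '$($_.Name)' in forests: $(($_.Group.Forest | Sort-Object -Unique) -join ', ')"
}

# 5. UPN suffixes in use. Each one must be a verified domain in the tenant;
#    otherwise the synced user gets the tenant's default onmicrosoft.com UPN
#    and the sign-in name changes for that user.
$users | Group-Object { ($_.UserPrincipalName -split '@')[-1].ToLower() } |
    Select-Object @{ n = 'UpnSuffix'; e = { $_.Name } }, Count | Sort-Object Count -Descending
```

Run this under an account that can read user objects in all three forests (or adjust it to pass -Credential per forest); every line it flags is something to clean up in the source forest before connecting it, because AAD Connect will not merge two unrelated users on its own and an unresolved duplicate blocks that object's export to the tenant.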