Sync users from one On-Prem to two Azure Azure tenants

Question

Hi all,
We're on on-prem AD business that currently uses Azure AD Connect to sync all users in our AD domain to Azure.
One of our large divisions wants to have their own Azure AD instance, with their own branding on it, rather than being under our main one. Management has agreed to this, and IT has been tasked with implementing it.

So my question is, can we sync users from our on-prem AD, to two different Azure tenants? I'm assuming if it is possible, I'd need two VM's running Azure AD Connect, and probably need to use two different attributes for the source anchor? We're using the default "ms-ds-consistencyguid" for our existing one now.

There isn't a ton of data in the existing azure/o365 instance, as we're mostly a G-suite shop for e-mail/drive/etc, but this division is going to be using more o365. We'd like to be able to have the users exist in both, at least temporarily, while we migrate them.

Thanks for any input.

Answer

Sure, you can do that. See:

https://video2.skills-academy.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-azure-ad-tenants

Note:

This topology has the following restrictions on otherwise supported scenarios:

Only one of the Azure AD tenants can enable an Exchange hybrid with the on-premises Active Directory instance.
Windows 10 devices can be associated with only one Azure AD tenant.
The single sign-on (SSO) option for password hash synchronization and pass-through authentication can be used with only one Azure AD tenant.

Share via

Sync users from one On-Prem to two Azure Azure tenants

1 answer

Your answer