Can the Azure AD Provisioning Service and Azure AD Connect Provisioning Agent provision to multiple Active Directory domains and forests?

Michael Liben 161 Reputation points
2022-08-22T19:27:36.29+00:00

I recall some presentation from earlier in 2022 indicating that the SAP SuccessFactors to Active Directory provisioning solution would support multiple on-premises Active Directory domains and forests. However, when viewing the currently available documentation at https://video2.skills-academy.com/en-us/azure/active-directory/saas-apps/sap-successfactors-inbound-provisioning-tutorial and https://video2.skills-academy.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial, it appears that the agent can only be configured to a single domain endpoint.


Accepted answer
  1. Jess Astorga 106 Reputation points Microsoft Employee
    2022-08-23T22:45:04.49+00:00

    Hello @Michael Liben ,

    Thank you for the information provided. The SuccessFactors integration does allow syncing to multiple on-premises domains. The information on the specific multiple-forest topologies supported can be found at this link: https://video2.skills-academy.com/en-us/azure/active-directory/app-provisioning/plan-cloud-hr-provision#single-cloud-hr-app-tenant---target-single-or-multiple-active-directory-child-domains-in-a-trusted-forest

    For disjointed domains, you can configure separate provisioning agent groups for each specific forest, as shown below:

    234198-image.png

    Another option is to configure separate apps to provision distinct user sets from Cloud HR to multiple on-premises Active Directory domains:

    234261-image.png

    Please let me know if the document provided includes the topology you're interested in and I'll gladly assist reviewing other questions you may have.

    -Jessie

    1 person found this answer helpful.

1 additional answer

  1. Akshay-MSFT 17,641 Reputation points Microsoft Employee
    2022-08-23T12:56:55.377+00:00

    Hi @Michael Liben ,

    From the description above, I could understand that you are looking for the AAD provisioning agent's supported topology (please correct me if this is not the case).

    As per https://video2.skills-academy.com/en-us/azure/active-directory/cloud-sync/plan-cloud-sync-topologies, the following topologies are supported for user provisioning:

    • Single forest, single Azure AD tenant
    • Multi-forest, single Azure AD tenant
    • Existing forest with Azure AD Connect, new forest with cloud Provisioning
    • Piloting Azure AD Connect cloud sync in an existing hybrid AD forest

    Ref: https://video2.skills-academy.com/en-us/azure/active-directory/cloud-sync/tutorial-existing-forest

    Note: Please do accept the answer and rate your experience if the above-mentioned suggestion works as per your business need.
