active directory
We already have 2 domain controllers in our organization
1.world-hq1.com (having all fsmo roles)
2. world-hq2.com (this is also DC)
We want to build another dc name with world.com ( having all fsmo roles) in our organization.
How can we replicate info from world-hq1.com 2. And world-hq2.com (this is also DC)
To world.com ( which is another DC) preferably only user groups from world-hq1.com 2. And world-hq2.com
any tools we can use , they are all on premise servers
1.world-hq1.com (having all fsmo roles)
2. world-hq2.com (this is also DC)
We want to build another dc name with world.com ( having all fsmo roles) in our organization.
How can we replicate info from world-hq1.com 2. And world-hq2.com (this is also DC)
To world.com ( which is another DC) preferably only user groups from world-hq1.com 2. And world-hq2.com
any tools we can use , they are all on premise servers
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
David Johnson, CD
one would normally create the forest world.com and then add the domains hq1.world.com and hq2.world.com.
ASKER
But how should I sync the user groups from domains hq1.world.com and hq2.world.com to world .com
will it sync on its own or what tools I should use
also what type of trust I should have
will it sync on its own or what tools I should use
also what type of trust I should have
Just to be sure we understand your needs - Trusts between domains or forests are used for authentication purposes, so users from one domain can logon in second domain (or different forest - it is your case) by their account from first domain and vice versa. So there is no data sync only authentication request is forwarded to the trusted partner and I trust to response.
ASKER
I am giving you example.
company called -Johnson-hq.com I have right now 2 DC with name as Johnson-hq1.com and Johnson-hq2.com
johnson hq1.com has all fsmo roles
now I want to add Johnson.com as I have purchased that domain into a separate DC
want to have all fsmo roles in it. but need to sync users around 5000 from Johnson-hq1.com and Johnson-hq2.com to Johnson.com
first step would be to create two way trust between these 2 forests, but how will I sync? so how will data sync?
company called -Johnson-hq.com I have right now 2 DC with name as Johnson-hq1.com and Johnson-hq2.com
johnson hq1.com has all fsmo roles
now I want to add Johnson.com as I have purchased that domain into a separate DC
want to have all fsmo roles in it. but need to sync users around 5000 from Johnson-hq1.com and Johnson-hq2.com to Johnson.com
first step would be to create two way trust between these 2 forests, but how will I sync? so how will data sync?
and what is the reason of syncing users ?
ASKER
actually my IT planner wants to finally upgrade to office 365 so that all user attributes sync from Johnson.com to office e365 instead running directory synchronization from two other dc's as he has made Johnson.com as primary tenant in office 365
OK, now it is clear. For your scenario is used Azure AD connect:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-topologies
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-aadconnect-topologies
ASKER
I am reading the article but I need to sync all users from Johnson.com still I need to sync between on premise servers?
All domains will sync with Azure AD connect and Azure AD connect will be single AD partner for O365
ASKER
so you mean even I don't sync to Johnson.com from these other 2dc's it will sync to Johnson.com in 0365
but then what is the point in creating Johnson.com which my IT person wants
but then what is the point in creating Johnson.com which my IT person wants
ASKER
Johnson-hq is a forest and Johnson.com will also be another forest?
ASKER
we want 1 forest
The best scenario is one forest but from your request it looks like your IT will not do it.
The better should be if you send me your current Domain structure.
Because if you have forest ".com" with domains world-hq1.com and world-hq2.com
then you can add third domain "johnson.com" and you do not need any sync inside, because
all domains are in one forest.
The better should be if you send me your current Domain structure.
Because if you have forest ".com" with domains world-hq1.com and world-hq2.com
then you can add third domain "johnson.com" and you do not need any sync inside, because
all domains are in one forest.
ASKER
I need to sync between two on premise forests so that users sync from 1 forest to 0365
ASKER
you are getting closer but he needs 1 more forest created with Johnson .com which will be main tenant in 0365. and want all users to sync from Johnson-hq1 and hq2 to Johnson .com , there must be some way sir
ASKER
my simple question can we sync users between 2 different forests through some tools