
Sync 2 AD domains into 1 Tenant using AAD Connect

What we would like to do is this:

Company A has an existing AD domain with a 365 tenant with email and SharePoint.
Company B has an existing AD domain with a 365 tenant with email and SharePoint.

We would like to move email from the Company B tenant into Company A tenant, and leave the SharePoint alone for now. The basic question is whether we can sync 2 AD domains into 1 Tenant using AAD Connect? I believe we can from what I have read.

Does anyone have experience with this scenario? Does this seem reasonable? Ideas on how to proceed?
Asked by: mikeagonistes
3 Solutions
 
Cliff Galiher Commented:
You can't "leave SharePoint alone for now" because that means you are actually syncing domain B to *two* tenants (one tenant for email and the existing tenant for SharePoint).

Because of the unique IDs that are stamped on an AD account during syncing, you'll also have issues migrating to a new tenant. You don't have an easy path no matter what you do.
 
Jeff Glover, Sr. Systems Administrator, Commented:
To answer your question, yes, you can sync 2 AD domains to 1 tenant with AAD Connect. We already do this. We sync 2 different domains (that are in different forests) into our tenant. For SharePoint, email, etc., it is a matter of licensing them once they are there. My recommendation, which we followed, is to stand up your AAD Connect server as a Workgroup Server that has physical connections to both domains. You can do this by placing a Conditional forwarder in one domain for the other one, or you could do it the clunky way via hosts files, but the AAD Connect server has to be able to reach both DCs.
  Of course, you will need an account to connect to your tenant, and a service account in both domains. Once AADConnect is installed, you run the wizard to connect one domain, then again to connect the other. There are many good references for this online. Each domain will have its own sync jobs (AD to AADConnect, AADConnect to O365).
 
Cliff Galiher Commented:
All true if the environment were new and clean. But with existing tenants, issues arise due to the immutable IDs associated with the existing tenants (plural, based on the OP's original question) and the desire to merge/migrate. If AADConnect is set up to sync both domains, it will either fail or will break the existing second tenant, depending on the specifics of the existing configuration. Neither outcome is desirable, obviously.
 
Jeff Glover, Sr. Systems Administrator, Commented:
Sorry, I was addressing just the AADConnect issue. Of course we cannot address every single possible iteration here, but since he asked about 2 domains to one tenant, that is what I addressed. AADConnect runs easily with multiple domains, but when we did it, we decommissioned the second tenant and let AADConnect recreate the accounts in the first tenant. Then set up scheduled scripts looking for the UPN to set licenses. So in essence it was not a merge but more of a migration.

  I do agree, however, that doing a partial migration (Exchange and not SharePoint) from two tenants into one is fraught with peril. That part is absolutely true. You could keep the existing SharePoint in the second tenant with local O365 accounts only, no account sync at all, but it would be rather clunky to say the least. When we consolidated, we just abandoned the old tenant after we had the users export their mail to PST.
 
mikeagonistes (Author) Commented:
Thank you both for the advice and explanation!
Question has a verified solution.
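
The immutable ID issue raised in the answers above can be checked before a second domain is pointed at a tenant that already holds users. The following PowerShell is an added example, not code from any poster in this thread; it assumes objectGUID is the sourceAnchor, and the function names, the `.example` UPNs and the GUIDs are constructed for illustration.

```powershell
# Added example: hypothetical function names, constructed sample data.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    # Assumption: objectGUID is the sourceAnchor, stored as Base64 of its .NET byte array.
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function Test-SyncAnchor {
    param(
        [Parameter(Mandatory)][object[]]$AdUsers,    # needs UserPrincipalName, ObjectGuid
        [Parameter(Mandatory)][object[]]$CloudUsers  # needs UserPrincipalName, ImmutableId
    )
    # Base64 is case-sensitive, so anchors go in an ordinal set; UPN lookup is case-insensitive.
    $anchors = [System.Collections.Generic.HashSet[string]]::new([StringComparer]::Ordinal)
    $byUpn   = @{}
    foreach ($c in $CloudUsers) {
        if ($c.ImmutableId) { [void]$anchors.Add($c.ImmutableId) }
        $byUpn[$c.UserPrincipalName] = $c
    }
    foreach ($u in $AdUsers) {
        $anchor = ConvertTo-ImmutableId -ObjectGuid $u.ObjectGuid
        $cloud  = $byUpn[$u.UserPrincipalName]
        if     ($anchors.Contains($anchor)) { $status = 'HardMatch' }          # same object already synced
        elseif ($null -eq $cloud)           { $status = 'NewObject' }          # would be created in the tenant
        elseif (-not $cloud.ImmutableId)    { $status = 'SoftMatchCandidate' } # cloud-only user with the same UPN
        else                                { $status = 'AnchorConflict' }     # UPN already anchored elsewhere
        [pscustomobject]@{
            UserPrincipalName = $u.UserPrincipalName
            ComputedAnchor    = $anchor
            Status            = $status
        }
    }
}

# Constructed sample data: four on-premises users, three existing cloud users.
$adUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@companyb.example'; ObjectGuid = '11111111-2222-3333-4444-555555555555' }
    [pscustomobject]@{ UserPrincipalName = 'bob@companyb.example';   ObjectGuid = '22222222-3333-4444-5555-666666666666' }
    [pscustomobject]@{ UserPrincipalName = 'carol@companyb.example'; ObjectGuid = '33333333-4444-5555-6666-777777777777' }
    [pscustomobject]@{ UserPrincipalName = 'dave@companyb.example';  ObjectGuid = '44444444-5555-6666-7777-888888888888' }
)
$otherSource = ConvertTo-ImmutableId -ObjectGuid 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
$cloudUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@companyb.example'; ImmutableId = (ConvertTo-ImmutableId -ObjectGuid '11111111-2222-3333-4444-555555555555') }
    [pscustomobject]@{ UserPrincipalName = 'bob@companyb.example';   ImmutableId = $null }
    [pscustomobject]@{ UserPrincipalName = 'carol@companyb.example'; ImmutableId = $otherSource }
)
Test-SyncAnchor -AdUsers $adUsers -CloudUsers $cloudUsers | Format-Table -AutoSize
```

With real data, the inputs would come from `Get-ADUser` (its `ObjectGUID` property) and from the tenant's user objects (the on-premises immutable ID attribute), mapped to the property names the function expects. Rows reported as `AnchorConflict` are the accounts to resolve before enabling sync for that domain.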
