I will be setting up an AD FS farm in order to link to SharePoint Online (part of Office 365).
We have a single-forest AD environment with three (3) child domains under the root forest domain.
The root forest domain isn't used except for a few management accounts.
All three child domains have users that will need to access our single SharePoint Online instance.
I believe my best course of action will be to set up the AD FS farm under the root forest domain since it has trusts to all its child domains.
I'll be installing an AD FS server as well as a WebProxy server and then federating to the Azure AD that SharePoint Online requires.
What would be the best way to ensure all users within the three child domains can log into SharePoint Online?
I believe I'll have to modify some of the claims from the default in order to achieve this.
Any direction/best practices/general help would be appreciated.