chilemoore

asked on

Two AD Domains to one O365 tenant?

I have an interesting scenario.  From what I have read it's not possible but I wanted to see if anyone has a workaround.  I am an educational institution.  We have a two separate Staff and Student networks that include AD services.  We Share One O365 tenant but have a student (studentname@student.school.edu) domain and a staff (staffname@school.edu) domain .  We currently use AD Sync for staff accounts.  Is it possible to add ADSync in my student AD and sync to the tenant but only syncing to the student accounts?  Currently our Staff ADSync only syncs staff accounts (staffname@school.edu).   Reason is I'm trying to improve login process and experience and have some legacy applications that students need to access via RDS Remote Apps.  I could spin up an RDS server in Azure but we are a school and it would be costly to do so.
Saif Shaikh

Azure AD Connect supports connecting multiple forests to a single Azure AD tenant. A server that runs Azure AD Connect does not have to be joined to any domain locally, however, it must be able to access domain controllers in both forests.

In some cases, you can choose to place the Azure AD Connect server in a DMZ, especially if you do not have a direct network connection to all forests that you would like to include in the synchronization.
Please look at supported topologies for Azure AD Connect here:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
ASKER CERTIFIED SOLUTION
Alan Cox

If what you put in the original question is accurate, the only issue you will have is if both domains have the same UPN suffix. We are also an education institution and for now, both our Student domain and our Staff domain are synced to the tenant via AADConnect. We can do this because they have completely different UPN suffixes. If the suffix is the same, i.e. @school.edu, then you may have an issue with AADConnect.
BTW, our AADConnect server is not domain joined and we have had absolutely no issues. We simply make sure we can resolve both ADs from the server, which is in a DMZ and is a workgroup server.
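A pre-flight check for the UPN-suffix point above, added here as an example script (not from this thread, Microsoft, or the Azure AD Connect product): it lists the UPN suffixes actually in use by user objects in each forest, flags any suffix that appears in both, and compares them against a list of the tenant's verified domains that you supply. It assumes the RSAT ActiveDirectory module is installed on a host with line of sight to a domain controller in each forest; the server names and domain list are placeholders.

```powershell
# Added example (not from the thread): check two forests for UPN-suffix
# collisions before syncing both to one tenant with Azure AD Connect.
# Assumes RSAT ActiveDirectory and a DC reachable in each forest.
Import-Module ActiveDirectory

function Get-ForestUpnSuffixes {
    param([Parameter(Mandatory)][string]$Server)
    # Distinct suffixes in use on user objects, not just those registered on the forest.
    Get-ADUser -Server $Server -Filter 'UserPrincipalName -like "*"' -Properties UserPrincipalName |
        ForEach-Object { ($_.UserPrincipalName -split '@', 2)[1].ToLowerInvariant() } |
        Sort-Object -Unique
}

function Test-UpnSuffixOverlap {
    param(
        [Parameter(Mandatory)][string[]]$StaffSuffixes,
        [Parameter(Mandatory)][string[]]$StudentSuffixes,
        [string[]]$VerifiedTenantDomains = @()   # e.g. copied from Get-MgDomain output
    )
    # A suffix used in both forests is the conflict case Alan Cox describes.
    $overlap = @($StaffSuffixes | Where-Object { $StudentSuffixes -contains $_ })
    $all = @($StaffSuffixes + $StudentSuffixes) | Sort-Object -Unique
    # A suffix that is not verified in the tenant will not be kept as the cloud UPN.
    $unverified = @()
    if ($VerifiedTenantDomains.Count -gt 0) {
        $unverified = @($all | Where-Object { $VerifiedTenantDomains -notcontains $_ })
    }
    [pscustomobject]@{
        Overlap    = $overlap
        Unverified = $unverified
        Ok         = ($overlap.Count -eq 0 -and $unverified.Count -eq 0)
    }
}

# Usage with placeholder names; run from the host that can reach both forests.
$staff    = Get-ForestUpnSuffixes -Server 'dc1.staff.example.internal'
$student  = Get-ForestUpnSuffixes -Server 'dc1.student.example.internal'
$verified = @('school.edu', 'student.school.edu')   # placeholder verified-domain list
Test-UpnSuffixOverlap -StaffSuffixes $staff -StudentSuffixes $student -VerifiedTenantDomains $verified
```

If Overlap is non-empty, resolve the shared suffix in one forest before adding it to the sync scope; if Unverified is non-empty, verify those domains in the tenant first.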
working doesn't mean right:
directly from MS:
Important:

Installing Azure AD Connect on small business server, server essentials, or server core is not supported.

Azure AD Connect must be installed on Windows Server 2008 R2 or later. This server must be domain joined and may be a domain controller or a member server.

1 AAD connect per tenant

Having more than one Azure AD Connect sync server connected to a single Azure AD tenant is not supported.

I don't believe UPNs will make any difference, as I've set them up both with different UPNs and with the same ones, as long as the UPN is a registered domain in O365.
chilemoore

ASKER

Thanks for the feedback. Our UPN suffixes are different.
Thanks gentlemen.  I have some ground work to fix but will get this underway soon.