Azure AD Connector - Empty-Root/User-domain Forest integration

  • Question

  • Hello!

    Please guide me in integrating my org's two-level AD forest with Azure AD.

    This is the architecture:

    Internal forest corp.contoso.com with two domains:

    • corp.contoso.com - empty root domain;
    • hq.corp.contoso.com - user domain (all user accounts here).

    The external DNS domain is contoso.com.

    I have created Azure Active Directory contoso.com and proved my domain (TXT record in public DNS).

    Questions are:

    1. Azure AD Connector expects corp.contoso.com and hq.corp.contoso.com Azure AD domains. Is there a concept of a forest in Azure AD?
    2. Do I need to add the internal domains to Azure too (there is no DNS for corp.* and hq.corp.* in my public DNS), and how?
    3. Is something like UPN suffixes possible for the second-level user domain only? Internal users have public @contoso.com mail addresses; it would be interesting to abstract from the internal domain structure when users sign in to Azure.

    Thanks for any help!

    Sunday, April 12, 2020 5:18 PM

All replies

  • 1. No.

    2. You should add those as verified domains - you implement it the same way as for the contoso.com domain.

    3. Yes - you can use a UPN with the second-level domain, assuming you completed step 2.

    hth
    Marcin

    Sunday, April 12, 2020 5:41 PM
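One way to carry out the UPN part of the answer above (point 3) on the forest described in the question, as an added example that is not code from either poster. It assumes the ActiveDirectory RSAT module, Enterprise Admins rights (forest-wide UPN suffixes can only be changed by an Enterprise Admin), the domain names from the question, and a hypothetical OU path for the user accounts. The security-relevant detail it guards against: any synchronized user whose UPN suffix is not a verified domain in the tenant is given a <prefix>@<tenant>.onmicrosoft.com sign-in name instead, which silently breaks the "sign in with the mail address" expectation.

```powershell
# Added example (not from the thread). Registers contoso.com as an alternative
# UPN suffix at the forest root, rewrites the UPNs of users in the
# hq.corp.contoso.com domain to @contoso.com, then reports any account whose
# UPN suffix would still not match the verified domain.
# ConfirmImpact is High, so every change prompts unless -Confirm:$false is
# passed; run with -WhatIf first to preview.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [string]$PublicSuffix = 'contoso.com',            # domain verified in the Azure AD tenant
    [string]$UserDomain   = 'hq.corp.contoso.com',    # domain holding the user accounts
    [string]$SearchBase   = 'OU=Users,DC=hq,DC=corp,DC=contoso,DC=com'  # hypothetical OU (assumption)
)

Import-Module ActiveDirectory

# 1. Add the public suffix to the forest. UPN suffixes are a forest-wide
#    setting, so accounts in the child domain can use it even though no
#    contoso.com domain exists inside the forest.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $PublicSuffix) {
    if ($PSCmdlet.ShouldProcess($forest.Name, "Add UPN suffix $PublicSuffix")) {
        Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $PublicSuffix }
    }
}

# 2. Rewrite the UPN of every enabled user whose suffix is one of the
#    internal forest domains (corp.contoso.com, hq.corp.contoso.com) or empty.
#    The left-hand part is kept, so jdoe@hq.corp.contoso.com -> jdoe@contoso.com.
$internalSuffixes = @($forest.Domains)
$users = Get-ADUser -Server $UserDomain -SearchBase $SearchBase `
            -Filter { Enabled -eq $true } -Properties UserPrincipalName, mail

foreach ($u in $users) {
    $prefix, $suffix = $u.UserPrincipalName -split '@', 2
    if ([string]::IsNullOrEmpty($prefix)) { $prefix = $u.SamAccountName }
    if ([string]::IsNullOrEmpty($suffix) -or $internalSuffixes -contains $suffix) {
        $newUpn = "$prefix@$PublicSuffix"
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, "Set UPN to $newUpn")) {
            Set-ADUser -Server $UserDomain -Identity $u -UserPrincipalName $newUpn
        }
    }
}

# 3. Report what would still synchronize with a non-verified suffix. Anything
#    listed here ends up as <prefix>@<tenant>.onmicrosoft.com in Azure AD.
Get-ADUser -Server $UserDomain -SearchBase $SearchBase `
    -Filter { Enabled -eq $true } -Properties UserPrincipalName |
    Where-Object { ($_.UserPrincipalName -split '@', 2)[1] -ne $PublicSuffix } |
    Select-Object SamAccountName, UserPrincipalName
```

Run it once with -WhatIf to see which accounts would change, then again with -Confirm:$false once the list looks right. The UPN rewrite should be done before the first Azure AD Connect synchronization; changing it afterwards works too, but the sign-in name in the tenant follows the on-premises UPN, so users see their login name change.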