Multiple companies in a single AD, what is the best way?

  • Question

  • My client manages BI services for their customers (of which there are around 30). They use Power BI (and therefore WAAD), but their data is stored in a large DW on an on premise server. Trying to make sense of how to segment the customers from each of their 30 or so customers from each other. Assume three customers: ABC, XYZ and ACME. Customers from each will have unique logins to Power BI and these will be passed to an on premise SSAS Tabular server which exposes the data to each via 3 separate SSAS Tabular mode cubes (ABC_Cube, XYZ_Cube and ACME_Cube).

    The SSAS Tabular Server will also host the required SSAS Connector.

    The SQL Server DW server will also host the required Personal Gateway.

    The SSAS Tabular, SQL Server and AD are all in the same domain (let's call it the BI domain).

    If all the customers across ABC, XYZ and ACME were in the same @BI domain then no problem, but I do need to segment them in some way from each other. What is the best way to achieve this? Is it through organisational units?

    For example Joe and Pete from ABC, Sarah and John from XYZ and Daniel and Josh from ACME must be separated from each other. Joe@ABC_BI.com, Pete@ABC_BI.com, Sarah@XYZ_BI.com, John@XYZ_BI.com, Daniel@ACME_BI.com and Josh@ACME_BI.com.

    @ABC_BI.com, @XYZ_BI.com and @ACME_BI.com will then be synced to separate WAADs (one for ABC, one for XYZ and one for ACME).

    The reason why I am not considering separate ADs as well is because the 2 servers (as stated) must be in the same domain. I.e. one domain, but segmented somehow.

    Any help appreciated.


    'If this was helpful, please mark as an answer or as being helpful'


    Monday, August 10, 2015 1:51 AM

Answers

  • Greetings!

    When you perform a multi-forest sync to Azure AD (using AAD Connect / AAD Sync), this will add the user objects across different forests into a single Azure AD tenant, which will be like creating trust between them in the cloud - which is undesired as per your scenario above.

     

    Thank you,

    Arvind

    Monday, August 10, 2015 7:36 AM

All replies

  • You can have multiple custom domains inside the same directory. I hope I didn't misinterpret your question here.

    Santhosh Sivarajan | Houston, TX | www.sivarajan.com
    ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA

    This posting is provided AS IS with no warranties, and confers no rights.

    Monday, August 10, 2015 4:52 PM