AAD Connect多森林方案

本文介绍了AAD Connect多森林方案的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

团队，

我们有两个森林A和B.
对于林A，我们已将用户对象同步到Azure AD和O365中的预配置邮箱.
我们已在Azure上为ASO的林A配置了AAD连接服务器和ADFS服务器.
在AAD connect中，我们选择了与"mail"匹配的属性作为用户主体名称，并选择了该选项，因为每个森林中用户仅存在一次.

现在，我们想将Forest B用户带到Azure AD，并在同一O365租户中迁移其邮箱.
我们在森林A和森林B之间没有信任.
我们不希望将ADFS服务器用于森林B用户的身份验证.
我们需要配置相同的AAD连接服务器，因为它支持多林拓扑.

稍后，一旦所有邮箱都迁移到O365的Forest B，我们计划合并Forest A和ForestB.

您能否通过一些文章来指导我，这些文章可以帮助我为多林配置AAD连接，将来将帮助我整合这两个林.
我们还可以拥有这样的拓扑:通过同一个AAD连接同步两个林，一个林使用ADFS进行SSO，而另一个林仅通过AAD连接使用密码同步.

谢谢
Mitesh Jain

Hi Team,

We have two forest Forest A and Forest B.
For forest A we have synced the user objects to Azure AD and provisioned mailboxes in O365.
We have configured AAD connect and ADFS servers on Azure for Forest A for SSO.
In AAD connect we had selected the attribute for matching as 'mail' as user principle name and selected the option as users exist only once per forest.

Now we want to bring our Forest B users to Azure AD and migrate their mailboxes in the same O365 tenant.
We do not have trust between Forest A and Forest B.
We do not want use ADFS server for Authentication of Forest B users.
We need to configure the same AAD connect server as it supports multi forest topology.

Later once all the mailboxes are migarted to O365 for Forest B we plan to consolidate Forest A and Forest B.

Can you guide me with some articles which can help me configure AAD connect for multi forest and in future will help me consolidate both the forest.
Also can we have such a topology where we sync two forest through the same AAD connect and one forest uses ADFS for SSO and the other forest uses just the password sync through AAD connect.

Thanks,
Mitesh Jain

same

AAD Connect多森林方案

问题描述

推荐答案