
Single On-Premises Exchange to Multiple Office 365 Tenants – Part 3

This post is a continuation of Part 2.

TechPoss Organization – Hybrid Identity Sync

The TechPoss organization has decided to migrate the mailboxes of its two business entities, Technically Possible and Hybrid Shell, to two separate Office 365 tenants. Two tenants, tenant1.onmicrosoft.com and tenant2.onmicrosoft.com, are created. All existing licenses are upgraded to Microsoft 365 E3, and each business entity will manage its licenses in its own tenant.

Identity Design

The technicallypossible.com domain is added and verified in the tenant1.onmicrosoft.com tenant, and the hybridshell.com domain in tenant2.onmicrosoft.com. A separate Azure AD Connect server is deployed for each tenant: server TP syncs the users of the technicallypossible.com domain to tenant1, and server HS syncs the users of hybridshell.com to tenant2. Syncing one forest to more than one tenant is supported only when the objects in each server's scope are mutually exclusive, so each server is filtered to its own OU, and it is essential that every user is synced to exactly one Azure AD tenant; an object that fell into both scopes would be provisioned twice, once in each tenant.
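A pre-flight check of that requirement, added here as an example and not part of the original post: run against the techposs.internal forest before either Azure AD Connect server is installed, it confirms that the two OUs to be scoped are not nested, that every user inside each OU carries the matching UPN suffix, that no user with that suffix lives outside the OU, and whether mS-DS-ConsistencyGuid is already populated. The OU paths are assumptions; the domain and tenant names are the ones used on this page.

```powershell
# Added example, not from the original post: pre-flight scope audit for the
# two Azure AD Connect servers. The OU paths are assumptions; replace them with
# the OUs each server will be scoped to.
Import-Module ActiveDirectory

$tenants = @(
    [pscustomobject]@{
        Tenant = 'tenant1.onmicrosoft.com'
        Suffix = 'technicallypossible.com'
        OU     = 'OU=TechnicallyPossible,OU=Users,DC=techposs,DC=internal'   # assumed
    }
    [pscustomobject]@{
        Tenant = 'tenant2.onmicrosoft.com'
        Suffix = 'hybridshell.com'
        OU     = 'OU=HybridShell,OU=Users,DC=techposs,DC=internal'           # assumed
    }
)

$findings = @()

# 1. Scoped OUs must not be nested: an inclusion entry covers its child OUs,
#    so both servers would pick up the users of a nested OU.
for ($i = 0; $i -lt $tenants.Count; $i++) {
    for ($j = 0; $j -lt $tenants.Count; $j++) {
        if ($i -ne $j -and $tenants[$i].OU -like "*,$($tenants[$j].OU)") {
            $findings += [pscustomobject]@{
                Tenant = $tenants[$i].Tenant; Object = $tenants[$i].OU
                Issue  = "nested inside $($tenants[$j].OU); both servers would sync it"
            }
        }
    }
}

foreach ($t in $tenants) {
    # 2. Everything inside a scoped OU must carry that tenant's UPN suffix. A
    #    user whose suffix the tenant has not verified is still synced, but
    #    lands with a <tenant>.onmicrosoft.com UPN.
    $inScope = Get-ADUser -SearchBase $t.OU -Filter * -Properties userPrincipalName, 'mS-DS-ConsistencyGuid'
    foreach ($u in $inScope) {
        if ($u.UserPrincipalName -notlike "*@$($t.Suffix)") {
            $findings += [pscustomobject]@{
                Tenant = $t.Tenant; Object = $u.SamAccountName
                Issue  = "UPN $($u.UserPrincipalName) does not end in @$($t.Suffix)"
            }
        }
        # 3. mS-DS-ConsistencyGuid will be the source anchor. Azure AD Connect
        #    fills it from objectGUID when empty and reuses it unchanged when
        #    set, so a pre-existing value needs an explanation (typically an
        #    earlier sync to another tenant).
        if ($u.'mS-DS-ConsistencyGuid') {
            $findings += [pscustomobject]@{
                Tenant = $t.Tenant; Object = $u.SamAccountName
                Issue  = 'mS-DS-ConsistencyGuid already populated; confirm it is not from another tenant'
            }
        }
    }

    # 4. No user with this tenant's suffix may sit outside its OU: it would
    #    either never be synced or be synced by the other server.
    $strays = Get-ADUser -Filter "userPrincipalName -like '*@$($t.Suffix)'" -Properties userPrincipalName |
        Where-Object { $_.DistinguishedName -notlike "*,$($t.OU)" }
    foreach ($u in $strays) {
        $findings += [pscustomobject]@{
            Tenant = $t.Tenant; Object = $u.SamAccountName
            Issue  = "suffix @$($t.Suffix) but object is outside the scoped OU ($($u.DistinguishedName))"
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else           { 'Scopes are disjoint and every user sits in the OU that matches its UPN suffix.' }
```

Run it as a user with read access to the whole forest, so that check 4 sees objects outside the two OUs. Users still carrying the techposs.internal UPN suffix will be reported by check 2; they need a routable suffix before sync or they will appear in the tenant as @tenantN.onmicrosoft.com.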

Azure AD Connect – TechnicallyPossible.com

The technicallypossible.com domain shows as Healthy in the Microsoft 365 admin center (https://admin.microsoft.com) for the tenant1.onmicrosoft.com tenant.

A new Windows Server named Azure AD Connect TP is provisioned in the techposs.internal domain, and Azure AD Connect is installed using the custom installation option.
TechPoss already has AD FS and will continue to authenticate on-premises. Federation is not selected while running the AADC setup; it is configured later using PowerShell.

Connect to tenant1.onmicrosoft.com using a Global Administrator account.

A new Active Directory service account (the AD DS Connector account) is created by the wizard, which connects to the TechPoss Active Directory using Enterprise Admin credentials.

technicallypossible.com is shown as verified in the tenant; since the other UPN suffixes of the forest are not verified in this tenant, the option to continue without matching all UPN suffixes to verified domains is accepted.

Only the OU containing the technicallypossible.com users is selected for synchronization.

mS-DS-ConsistencyGuid is selected as the Azure AD source anchor (Azure AD Connect writes each user's objectGUID into this attribute on first sync).

No further filtering is applied. The Exchange hybrid deployment optional feature is selected. Password hash synchronization and password writeback are not selected, since TechPoss does not want passwords synced between on-premises and the cloud.

Finalize the setup and start synchronizing users to the Office 365 tenant.

technicallypossible.com users are now synced to the tenant1.onmicrosoft.com tenant.

Azure AD Connect – HybridShell.com

The hybridshell.com domain shows as Healthy in the Microsoft 365 admin center (https://admin.microsoft.com) for the tenant2.onmicrosoft.com tenant.

A new Windows Server named Azure AD Connect HS is provisioned in the techposs.internal domain, and Azure AD Connect is installed using the custom installation option.
TechPoss already has AD FS and will continue to authenticate on-premises. Federation is not selected while running the AADC setup; it is configured later using PowerShell.

Connect to tenant2.onmicrosoft.com using a Global Administrator account.

A new Active Directory service account (the AD DS Connector account) is created by the wizard, which connects to the TechPoss Active Directory using Enterprise Admin credentials.

hybridshell.com is shown as verified in the tenant; since the other UPN suffixes of the forest are not verified in this tenant, the option to continue without matching all UPN suffixes to verified domains is accepted.

Only the OU containing the hybridshell.com users is selected for synchronization.

mS-DS-ConsistencyGuid is selected as the Azure AD source anchor (Azure AD Connect writes each user's objectGUID into this attribute on first sync).

No further filtering is applied. The Exchange hybrid deployment optional feature is selected. Password hash synchronization and password writeback are not selected, since TechPoss does not want passwords synced between on-premises and the cloud.

Finalize the setup and start synchronizing users to the Office 365 tenant.

hybridshell.com users are now synced to the tenant2.onmicrosoft.com tenant.
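Both installs above end with "users are now synced". The following verification, added here as an example and not part of the original post, shows how to confirm that for either server. It reads the AD connector's OU inclusion list through the ADSync module that ships with Azure AD Connect, then uses the MSOnline module to check that every directory-synced user in the tenant carries the entity's UPN suffix and that each in-scope on-premises user's ImmutableId equals the base64 encoding of its mS-DS-ConsistencyGuid, the source anchor chosen above. The OU path is an assumption; the values shown are for the TP server and tenant1, and the three variables at the top are changed for the HS server and tenant2.

```powershell
# Added example, not from the original post: post-sync verification, run on
# the Azure AD Connect server itself. The OU path is an assumption.
Import-Module ADSync            # shipped with Azure AD Connect
Import-Module ActiveDirectory
Import-Module MSOnline

$expectedOU = 'OU=TechnicallyPossible,OU=Users,DC=techposs,DC=internal'   # assumed scope of this server
$suffix     = 'technicallypossible.com'
$tenant     = 'tenant1.onmicrosoft.com'

# 1. The on-premises AD connector must include exactly the designed OU. This
#    inclusion list is the only thing keeping this server from seeing the
#    other entity's users, so it is checked against the design, not trusted.
$adConnector = Get-ADSyncConnector | Where-Object { $_.ConnectorTypeName -eq 'AD' }
$included    = @($adConnector.Partitions | ForEach-Object { $_.ConnectorPartitionScope.ContainerInclusionList })
$scopeDiff   = Compare-Object -ReferenceObject @($expectedOU) -DifferenceObject $included
if ($scopeDiff) {
    Write-Warning 'Connector OU scope differs from the design:'
    $scopeDiff | Format-Table -AutoSize
} else {
    "Connector scope is exactly $expectedOU"
}

# 2. Compare the tenant against on-premises. Connect-MsolService prompts for
#    a Global Administrator of $tenant.
Connect-MsolService

$findings = @()
$synced   = Get-MsolUser -All | Where-Object { $_.ImmutableId }   # only synced objects carry an ImmutableId

# 2a. Every synced user in this tenant must belong to this entity. Any other
#     suffix means the scope leaked, or an unverified suffix fell back to
#     the @<tenant>.onmicrosoft.com UPN.
foreach ($c in $synced) {
    if ($c.UserPrincipalName -notlike "*@$suffix") {
        $findings += [pscustomobject]@{ User = $c.UserPrincipalName; Issue = "synced into $tenant but suffix is not @$suffix" }
    }
}

# 2b. Every in-scope on-premises user must exist in the tenant with the
#     ImmutableId that mS-DS-ConsistencyGuid predicts: base64 of the
#     attribute's 16 raw bytes.
$byUpn = @{}
foreach ($c in $synced) { $byUpn[$c.UserPrincipalName.ToLower()] = $c }

foreach ($u in Get-ADUser -SearchBase $expectedOU -Filter * -Properties userPrincipalName, 'mS-DS-ConsistencyGuid') {
    if (-not $u.UserPrincipalName) {
        $findings += [pscustomobject]@{ User = $u.SamAccountName; Issue = 'no userPrincipalName set' }
        continue
    }
    $cloud = $byUpn[$u.UserPrincipalName.ToLower()]
    if (-not $cloud) {
        $findings += [pscustomobject]@{ User = $u.UserPrincipalName; Issue = 'in scoped OU but not present in tenant' }
        continue
    }
    if (-not $u.'mS-DS-ConsistencyGuid') {
        $findings += [pscustomobject]@{ User = $u.UserPrincipalName; Issue = 'mS-DS-ConsistencyGuid still empty after sync' }
        continue
    }
    $expectedId = [Convert]::ToBase64String([byte[]]$u.'mS-DS-ConsistencyGuid')
    if ($cloud.ImmutableId -ne $expectedId) {
        $findings += [pscustomobject]@{ User = $u.UserPrincipalName; Issue = "ImmutableId $($cloud.ImmutableId) does not match on-prem anchor $expectedId" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else           { "$tenant matches the $expectedOU scope and all source anchors are consistent." }
```

Accounts that Azure AD Connect excludes by its default rules (for example the built-in Administrator or objects marked with isCriticalSystemObject) will show up under 2b as "not present in tenant"; those are expected. Anything reported under 2a is not, since by design no user of the other entity should ever reach this tenant.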

What's Next

In the next part we will look at the one-to-many Exchange Hybrid Configuration Wizard run and at setting up the Sync-GalToMutipleTenants tool for address book synchronization.

Part 2 – Continue Reading – Part 4

– Thanks for your visit –
