FedericoCoppola-2569 asked

Merge on premise domain and Office365 (users and clients)

Good morning guys,
I have two domain controllers on-premises.
In addition, a third-party company has sold and managed Office365 for a long time, and this company has populated Office365 with user accounts.
In short, at the moment each user has two accounts:
1) local company domain (for example name.surname@company.local)
2) cloud company (name.surname@company.com)

My goal is to merge these two worlds.
I would like company users to use just one account.
I have seen that there are different options, and I think that the easiest is "Password Hash".
I don't like it because it is just a sync from on-premises AD to Azure AD. Besides that, it is a limitation for the SharePoint configuration that exists at the moment.

What do you suggest?
Can I sync computers joined to the domain too?
I need it because I would like to create access rules to the company Outlook service just from domain computers.

Is there a problem creating SSO if there are users in the cloud too?

Thanks so much!
Federico


MarileeTurscak-MSFT answered

My suggestion would be to create a new on-premises Active Directory from data in Azure AD.

Then you can use the multi-forest/single Azure AD tenant topology.


You will need to update AD Connect to include more than one forest. You don't necessarily need to use Password Hash Sync. You could also use Pass-Through Authentication or ADFS if there are forest trusts between your Active Directory forests and if name suffix routing is correctly configured.



FedericoCoppola-2569 answered

Hello @MarileeTurscak,
Thanks for your reply!

In my case I have Active Directory on-premises (I manage it directly) and Azure Active Directory (it was managed by another IT company before).

Your article talks about the creation of a new on-premises Active Directory (the on-premises AD is empty; in my case it is full and running) from Azure.

Can I create a new AD on-premises?
Can I create a second AD on-premises?


Thanks!
