
How to sync users from a second domain using AD Connect


Overview

Are you looking to integrate a new company into your existing Azure AD tenant? Or perhaps you need to share your tenancy and Office 365 services with more than one company? If you find yourself in a position where you need to sync users from another domain and have already configured AD Connect, then there is a way to add the second domain to your current Azure tenancy, so you can sync those users from the second domain.

Before proceeding, make sure you review the supported topology when it comes to AD Connect and multiple domains/tenants. You can find the information in this Microsoft article: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies

However, there is one limitation that will most likely cause you the most grief, and is probably why you landed here in the first place. You can only have one AD Connect instance per tenant. So, if you need to sync users from a second domain, you will have to follow the process outlined below.

Establish Domain Trust

Before proceeding, you need to establish an AD trust between the two domains. If you have not done this yet, you will need to perform this step first. If you are not sure how to do this, you can refer to this guide: https://www.azure365pro.com/how-to-create-two-way-transitive-trust-windows-server-2008-r2/

OK, now that we have our domain trust established, let’s step into the process.

Step-by-step guide: how to synchronise users from a second domain into Azure Active Directory.

Launch AD Connect and click on Configure.

Welcome to AD Connect

Click on Customize synchronization options and click Next.

Enter the credentials to connect to Azure AD and ensure the account is a global administrator.

Enter the name of the second domain and click Add Directory.

Enter the details of a user account in the domain that is a member of the enterprise administrators group.

You will now see the second domain added to the configured directories list.

Select whether to sync all the objects in the domain, or to sync only objects in specific OUs.

Select any optional features you require and click Next.

Tick the box if you want the synchronisation process to start as soon as the configuration completes, or untick it to leave AD Connect in a “disabled” state (re-enabling it later requires PowerShell commands).

Click Configure when ready to finish the process.

AD Connect will now synchronise objects from both domains into your Azure AD tenant.

You can monitor the process by launching the AD Connect Synchronization Service Manager.
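The same checks from PowerShell, as an added example that is not part of the original post: it confirms the second forest now has its own connector, shows whether the scheduler was left disabled at the end of the wizard, re-enables it, and starts the first sync cycle. It assumes an elevated session on the AD Connect server with the ADSync module that ships with AD Connect; the cmdlets shown are standard ADSync cmdlets.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the AD Connect server; the ADSync module is installed with AD Connect.
Import-Module ADSync

# 1. Confirm that both on-premises forests now have a connector.
#    ConnectorTypeName is 'AD' for on-premises AD connectors and
#    'Extensible2' for the Azure AD connector.
Get-ADSyncConnector |
    Where-Object { $_.ConnectorTypeName -eq 'AD' } |
    Select-Object Name, ConnectorTypeName, Identifier

# 2. Inspect the scheduler. SyncCycleEnabled is $false if you unticked the
#    "start the synchronization process" box on the last page of the wizard.
$scheduler = Get-ADSyncScheduler
$scheduler | Select-Object SyncCycleEnabled, StagingModeEnabled,
    NextSyncCycleStartTimeInUTC, CurrentlyEffectiveSyncCycleInterval

# 3. Re-enable the scheduler once you are ready to start syncing the second domain.
if (-not $scheduler.SyncCycleEnabled) {
    Set-ADSyncScheduler -SyncCycleEnabled $true
}

# 4. Run an initial (full) cycle so objects from the new forest are imported now
#    rather than at the next scheduled delta cycle (default interval is 30 minutes).
Start-ADSyncSyncCycle -PolicyType Initial

# 5. Check which connectors are currently running instead of watching the
#    Synchronization Service Manager UI; an empty result means the cycle has finished.
Get-ADSyncConnectorRunStatus
```

Review the objects staged by the new connector in the Synchronization Service Manager before the first export if you scoped the sync to specific OUs, so that nothing outside the intended scope reaches the tenant.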
