This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 54%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Currently the server's AD computer object in AD must be synced to Azure AD using Azure AD Connect before it can be managed in Intune. Can we add multiple domains on Azure AD Connect even if the setup of the on-prem is a one-way trust relationship?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Mark Nagas Just checking in to see if any of the below information was helpful. If you have any further updates on this issue, please feel free to post back.
Please remember to "Accept Answer" if any of the below answer helped, so that others in the community facing similar issues can easily find the solution.
HI there.
Ok, so you are referring to AD forests, yes. Not domains?
Is this multiple forests into one Azure tenant?
from that doc, I dont see a requirement for a two-way trust. Do you have a link to a doc that states that?
AADConnect will sync all the domains in your on-prem AD forest to Azure as long as the domain is verified in Azure:
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies
Yes, but there are a number of technical requirements for syncing additional AD domains. One of these requirements is a two-way forest trust between our primary AD domain and each additional AD domain. Currently, we have one-way forest trust relationships in place. Is there a workaround?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi @Mark
Agree with Andy. Trust is not required if you want synchronize many forest on-prem through same Azure AD connect.
You don't need trust relationship because when you will add a additional forest to be synced through Azure AD connect , you will use a service account from synced forest to create new connector , then, Azure AD connect will use the same service account to read and import objects from this forest.
Please don't forget to mark helpful answer as accepted