Does on-prem AD multiple forest 2-way sync replicates on Azure Cloud?

Siya Kumari 511 Reputation points
2023-11-24T07:53:13.4833333+00:00

Hello team,

I want to know if multiple forest 2-way trust replicates on Azure Cloud or not.

My lab scenario is mentioned below:

We have 2 Azure AD tenants, e.g. xyz.onmicrosoft.com and abc.onmicrosoft.com. In the xyz.onmicrosoft.com Azure subscription we have created a Windows 10 host VM, enabled Hyper-V, created two 2019 servers and installed AD roles and features:

a. Domain A.com

b. Domain B.com

Then 2-way trust is enabled between both the domains.

In the abc.onmicrosoft.com tenant's Azure subscription we have created one Windows 10 host VM and, after enabling Hyper-V, we created one 2019 server and installed AD roles and features:

a. Domain C.com

We have configured the AD Connect tool for both tenants to sync the on-prem directories separately. We have established a 2-way trust between Domain A and Domain B as these domains are in the same network.

Just want to know:

  1. How can we establish 2-way trust between Domain A, B and C? Domain A and Domain B are in the same network but Domain C is in a different network.
  2. Does the on-prem 2-way trust replicate to the Azure tenants also? Like, after the 2-way trust, can a user from tenant xyz.onmicrosoft.com access the resources of tenant abc.onmicrosoft.com?

Looking for a quick response.

Thanks!


Accepted answer
Thameur-BOURBITA 35,016 Reputation points
2023-12-02T19:21:12.48+00:00

    Hi @Siya Kumari

    1. How can we establish 2-way trust between Domain A, B and C? Domain A and Domain B are in the same network but Domain C is in a different network.

    Yes, you can, if the domain controllers in each domain can communicate with each other over the network. To get more details about the ports required to establish a trust between two domains, please read the following link:
    How to configure a firewall for Active Directory domains and trusts

    2. Does the on-prem 2-way trust replicate to the Azure tenants also? Like, after the 2-way trust, can a user from tenant xyz.onmicrosoft.com access the resources of tenant abc.onmicrosoft.com?

    No, the on-prem trust is not replicated, but you can use another feature in Entra ID to allow external users access. You can also sync many forests to the same tenant. This kind of configuration is supported by Entra ID Connect.


    Please don't forget to accept helpful answer
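The accepted answer says the trust between A.com and C.com can be created once the domain controllers can reach each other on the required ports. The following PowerShell is an added example, not code from the thread or from Microsoft: it checks DNS and port reachability from a Domain A DC to a Domain C DC, creates the two-way forest trust, and leaves the trust hardened. The DC name `dc1.c.com`, its address `10.20.0.4`, and the assumption that the two subscriptions' networks are already routed (for example by VNet peering or a site-to-site VPN, with routes into the nested Hyper-V switches) are all assumptions for this lab.

```powershell
# Added example (not from the thread): pre-trust connectivity check, two-way forest
# trust creation between A.com and C.com, and post-creation hardening.
# Run on a domain controller in A.com as an Enterprise Admin.
# Assumed names/addresses: dc1.c.com at 10.20.0.4.

$LocalForest  = 'a.com'
$RemoteForest = 'c.com'
$RemoteDc     = 'dc1.c.com'     # assumed name
$RemoteDcIp   = '10.20.0.4'     # assumed address

# 1. DNS: A.com DCs must resolve C.com's DC SRV records. A conditional forwarder
#    to C.com's DNS is the usual way to do that between separate forests.
Add-DnsServerConditionalForwarderZone -Name $RemoteForest -MasterServers $RemoteDcIp `
    -ReplicationScope 'Forest' -ErrorAction SilentlyContinue
$Srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$RemoteForest" -Type SRV -ErrorAction SilentlyContinue
if (-not $Srv) {
    throw "Cannot resolve DC SRV records for $RemoteForest; fix DNS before creating the trust."
}

# 2. TCP ports a trust needs (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB,
#    Kerberos password change, LDAPS, global catalog). Test-NetConnection only
#    tests TCP; UDP 53/88/389 and the dynamic RPC range (49152-65535 on
#    Server 2019) must be verified on the firewall itself.
$TcpPorts = 53, 88, 135, 389, 445, 464, 636, 3268, 3269
$Closed = foreach ($p in $TcpPorts) {
    if (-not (Test-NetConnection -ComputerName $RemoteDc -Port $p -InformationLevel Quiet)) { $p }
}
if ($Closed) { throw "Blocked TCP ports to ${RemoteDc}: $($Closed -join ', ')" }

# 3. Create the two-way forest trust. C.com admin credentials are prompted, not
#    stored in the script.
$RemoteCred = Get-Credential -Message "Enterprise Admin in $RemoteForest"
$Ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
    'Forest', $RemoteForest, $RemoteCred.UserName, $RemoteCred.GetNetworkCredential().Password)
$Remote = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($Ctx)
$Local  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$Local.CreateTrustRelationship($Remote, [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional)

# 4. Harden. SID filtering is on by default for a forest trust; keep SID history
#    disabled so a compromised C.com cannot inject A.com SIDs into tokens, and
#    require selective authentication so C.com users can only reach A.com
#    computers they have been explicitly granted "Allowed to Authenticate" on.
netdom trust $LocalForest /domain:$RemoteForest /EnableSIDHistory:no
netdom trust $LocalForest /domain:$RemoteForest /SelectiveAuth:yes

# 5. Verify the trust object from the AD module.
Get-ADTrust -Filter "Target -eq '$RemoteForest'" |
    Select-Object Name, Direction, ForestTransitive, SIDFilteringForestAware, SelectiveAuthentication
```

The same steps apply in the other direction (run from C.com towards A.com) before relying on the trust, and Domain B reaches Domain C only through A's trust if the trust is forest-transitive, which is why the example creates a forest trust rather than an external trust.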


1 additional answer

Sandeep G-MSFT 20,371 Reputation points Microsoft Employee
2023-11-27T11:15:47.05+00:00

    @Siya Kumari

    Thank you for posting this in Microsoft Q&A.

    There is no 2-way trust that gets synced to Azure. When you sync your environments to Azure AD, only users, contacts and devices get synced.

    If you have multiple users from different domains on-premises, and if you have 2-way trusts between those domains or forests, then only the users get synced to Azure AD. Trusts don't get synced to Azure AD.

    If you want users from one tenant to access resources on other tenant then you will have to use the B2B feature in Entra ID.

    https://learn.microsoft.com/en-us/entra/external-id/what-is-b2b

    And later you can make use of the feature called "External Identities" in Entra ID. External Identities is a set of capabilities that enables organizations to secure and manage any external user. Building on the B2B collaboration capabilities in Microsoft Entra ID, External Identities supports additional ways to interact and connect with users outside of your organization.

    https://learn.microsoft.com/en-us/entra/external-id/external-identities-overview#managing-external-identities-features

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
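The answer above points to B2B collaboration as the way to let a user from xyz.onmicrosoft.com reach resources in abc.onmicrosoft.com without any directory trust. The following PowerShell is an added example, not code from the thread or from Microsoft, showing what that looks like with the Microsoft Graph PowerShell SDK: an admin of the abc tenant (the resource tenant) invites the xyz user as a guest, grants access through a group, and checks the resulting guest object. The user address `siya@xyz.onmicrosoft.com` and the group name `FileShare-Readers` are assumptions.

```powershell
# Added example (not from the thread): B2B guest invitation from the abc tenant
# for a user whose home tenant is xyz. No AD or Entra trust is involved; Entra ID
# creates a guest object in abc that authenticates against xyz at sign-in.
# Requires the Microsoft.Graph PowerShell SDK. Run as an admin of abc.onmicrosoft.com.

Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Groups
Import-Module Microsoft.Graph.Users

Connect-MgGraph -TenantId 'abc.onmicrosoft.com' `
    -Scopes 'User.Invite.All', 'User.Read.All', 'Group.Read.All', 'GroupMember.ReadWrite.All'

$GuestEmail = 'siya@xyz.onmicrosoft.com'   # assumed user in the other tenant
$GroupName  = 'FileShare-Readers'          # assumed group in the abc tenant

# 1. Create the invitation. The redirect URL is where the user lands after
#    redeeming it; the invitation e-mail is sent by Entra ID.
$Invite = New-MgInvitation -InvitedUserEmailAddress $GuestEmail `
    -InviteRedirectUrl 'https://myapps.microsoft.com' `
    -SendInvitationMessage:$true
$GuestId = $Invite.InvitedUser.Id

# 2. Grant access by group membership rather than per-resource assignment, so the
#    guest's access can be reviewed and revoked in one place.
$Group = Get-MgGroup -Filter "displayName eq '$GroupName'"
if (-not $Group) { throw "Group '$GroupName' not found in the resource tenant." }
New-MgGroupMember -GroupId $Group.Id -DirectoryObjectId $GuestId

# 3. Verify the guest object. ExternalUserState is 'PendingAcceptance' until the
#    invitation is redeemed and 'Accepted' afterwards; userType 'Guest' is what
#    Conditional Access policies in abc can target separately from members.
Get-MgUser -UserId $GuestId -Property Id, UserPrincipalName, UserType, ExternalUserState |
    Select-Object UserPrincipalName, UserType, ExternalUserState
```

Two points worth checking in the resource tenant afterwards: the guest's credentials and MFA are evaluated by the home tenant (xyz), so whether abc accepts that MFA claim or re-prompts is governed by abc's cross-tenant access settings; and the guest object is entirely separate from whatever Entra ID Connect syncs into xyz, so disabling the on-prem account in Domain A or B does not by itself remove the guest from abc.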

