Hello Guys,
I hope everyone is safe in this pandemic situation.
My organization is located in India. We have an AD forest named "in.company.net", and the main DC is located in Branch A.
Active Directory users are integrated with Office 365 using the AAD tool, and we don't have on-premise Exchange servers, so all the mailboxes are in the cloud.
My organization has 200+ USA users who were already created in the "in.company.net" domain. Those 200 people are located in the US region, and those 200+ laptops are in a workgroup; we have not added them to the domain (in.company.net) yet because we don't have a domain controller in the US office.
Now my management is asking us (the IT team) to manage those laptops (the US laptops): they should be added to the domain, and we should restrict the laptops using group policies, the same as in India.
We have a site-to-site connection to the US office from India, but if we create a child domain at the US branch, users can be logged in to the "in.company.net" domain, since our forest name is "in.company.net".
Since the users are based in the USA, they should log in to the "company.net" domain or the "US.company.net" domain ("IN" should not be present, as the users work in the US branch).
To overcome this, we planned to create a tree domain called "us.company.net" and wanted to establish a trust relationship between the two domains (us.mouritech.net and in.company.net).
But again, users need to log in to the laptop using in.company.net\username, because the USA users are already created in the "in.company.net" domain.
So the solution might be either to delete the USA users in the India domain and create the same accounts anew in the us.company.net domain, or else to migrate those 200+ users to the us.company.net domain.
Can we migrate these 200+ domain users from in.company.net to the us.company.net domain? If so, what about the mailboxes which exist in Office 365?
What challenges might we face, and how can we mitigate them?
Note: I know the forest name should be "company.net", but it was created long ago and I can't rename it now; changing it causes many issues, as we have many applications integrated with Active Directory.