2 Subscription to trust 1 Azure AD

Question

Hi All,

I’m having a difficult time solving a configuration requirements (Thankfully the configuration still in my testing not yet in production). I wish someone can help me!

I have my first Tenant which named: Default Directory with my 1st PAYG Subscription.
Default Directory is replicating users of my on-premises test AD using Azure AD Connect (I can see all my users, everything is fine).

I created a second Tenant which named: Finance.
When I open the Azure AD in this Directory I cannot see the users of my Default Directory.

I tried this article: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
But it ruined everything, and toke me 6 hours to solve the problem.

How can I configure Azure AD in my Finance Tenant to read Default Directory Azure AD?

I wish someone can help me figuring it out.

Answer 1

Hi @Jean Nuaman ,

Maybe it's because of the wording ;-)

• An Azure Tenant contains one Azure Active Directory (AAD)
• An Azure Subscription contains the Azure Resources and is related to one Azure Tenant and AAD
• An Azure Tenant and AAD could contain multiple Azure Subscriptions
• An Azure Subscription can only be related to one Azure Tenant and AAD

Your Azure Tenant Default Directory contains one Subscription. To see the name of the subscription open the Azure Portal and search for Subscription (red marked in the screenshot the name of AAD in my tenant).

If I get your requirement right you need a second Azure Subscription Finance in the same Azure Tenant Default Directory

Create/Add a new Azure Subscription and choose the existing Azure Tenant and the existing AAD Default Directory

This way you will have 2 different Azure Subscriptions in same Azure Tenant and AAD.

Did the answer work for you? Are there any additional questions to this topic?

If you found the answer helpful, it would be great if you please mark it "Accept as answer". This will help others to find answers in Q&A

---

Regards
Andreas Baumgarten

Answer 2

Hi @Jean Nuaman ,

maybe this is helpful for your requirement:
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/compare-with-b2c
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

Answer 3

Hi @Andreas Baumgarten

Unfortunately, non of this link represent the same case. I might be confused with terms Subscription and Tenant, so I will repeat the scenario using different words which might give some sense.

I have single AD on-premises all my AD users and groups are their including our finance users.
I have Azure AD Connect.

In Azure I have 1st Subscription (Default Directory) where my Azure Active Directory get sync from on-prem via Azure AD Connect.

For Finance Dept, we are planning to get them an Azure Subscription, and we need this 2nd Subscription to read the same users available in our 1st Subscription (default Directory).

This Scenario should be possible based on below MS doc which indicate you can link Multiple Subscriptions to 1 Azure Active Directory, but you cannot do the opposite.
Ref: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory

So I am searching and looking for help to find the right steps.

Thanks
Jan

Answer 4

Thanks a lot, this helped me achieving my task.