Can the Azure AD Provisioning Service and Azure AD Connect Provisioning Agent provision to multiple Active Directory domains and forests?

Michael Liben 261 Reputation points
2022-08-22T19:27:36.29+00:00

I recall some presentation from earlier in 2022 indicating that the SAP SuccessFactors to Active Directory provisioning solution would support multiple on-premises Active Directory domains and forests. However, when viewing the currently available documentation at https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/sap-successfactors-inbound-provisioning-tutorial and https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/workday-inbound-tutorial , it appears that the agent can only be configured to a single domain endpoint.


Accepted answer
  1. Jess Astorga 111 Reputation points Microsoft Employee
    2022-08-23T22:45:04.49+00:00

    Hello @Michael Liben ,

    Thank you for the information provided. The SuccessFactors integration does allow syncing to multiple on-premises domains. The information on the specific multiple-forest topologies supported can be found at this link: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/plan-cloud-hr-provision#single-cloud-hr-app-tenant---target-single-or-multiple-active-directory-child-domains-in-a-trusted-forest

    For disjointed domains you can configure separate provisioning agent groups for each specific forest, as shown below:

    234198-image.png

    Another option is to configure separate apps to provision distinct user sets from Cloud HR to multiple on-premises Active Directory domains:

    234261-image.png

    Please let me know if the document provided includes the topology you're interested in, and I'll gladly assist in reviewing other questions you may have.

    -Jessie


1 additional answer

  1. Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
    2022-08-23T12:56:55.377+00:00

    Hi @Michael Liben ,

    From the description above, I understand that you are looking for the AAD provisioning agent supported topologies (please correct me if this is not the case).

    As per https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/plan-cloud-sync-topologies the following topologies are supported for user provisioning:

    • Single forest, single Azure AD tenant
    • Multi-forest, single Azure AD tenant
    • Existing forest with Azure AD Connect, new forest with cloud provisioning
    • Piloting Azure AD Connect cloud sync in an existing hybrid AD forest

    Ref: https://learn.microsoft.com/en-us/azure/active-directory/cloud-sync/tutorial-existing-forest

    Note: Please do accept the answer and rate your experience if the above-mentioned suggestion works as per your business need.
