Multi-forest and multi-tenant scenarios with Office 365

I have had several questions around multi-forest and multi-tenant questions from my education customers.  Here is a FAQ I put together:

Can you have multiple forests with a single tenant?

Yes, with FIM Connector for Office 365.

Can you have one forest with multiple tenants?

Yes, this is now supported as of recently.  You either have to use the FIM Connector for Office 365 or you can now use multiple Dirsync servers syncing to each unique tenant. The key is you cannot sync the same objects into the different tenants. You must create dirsync filtering on each dirsync server.

Can I have a non-AD directory sync to a tenant?

Yes, with FIM Connector for Office 365.

Can I have one ADFS farm servicing multiple forests?

Yes, as long as trusts exist between the forests this will work.

What if do not have trusts between the forests?

If no trusts exist between the forests than multiple ADFS farms are required.

Can I have multiple Exchange orgs connecting via Hybrid into a single tenant?

Not currently. It may be something in the future.

What if I have a resource forest for Exchange and an account forest for logins?

Setup dirsync against the resource forest and setup ADFS against the account forest. Eventually, collapse the resource forest data into the account forest and then change dirsync to work against the account forest.


Browse affordable devices starting at $219