Q. If I synchronize multiple forests to Azure AD do I need multiple ADFS instances?
A. Azure AD Connect supports synchronizing multiple forests to a single Azure AD instance, as explained at http://windowsitpro.com/azure/syncing-multiple-forests-azure-ad. ADFS enables federation to be used for Azure AD authentication, which means the authentication is actually performed against the on-premises Active Directory domain controllers. If you have multiple forests with bi-directional trusts between them, a single ADFS instance can be used for authentication for all forests. If there are no bi-directional trusts between the forests, a separate ADFS instance will be required for each forest.
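One way to check the trust condition described above before sizing ADFS, as an added example that is not part of the original answer. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the account can read each forest; the forest names and the `Test-BidirectionalForestTrust` helper are hypothetical.

```powershell
# Requires the ActiveDirectory module (RSAT) and read access to each forest.
Import-Module ActiveDirectory

# Hypothetical forest root domain names; replace with your own.
$forests = @('corp.example.com', 'partner.example.net')

# Hypothetical helper: does $Source hold a bi-directional trust object for $Target?
function Test-BidirectionalForestTrust {
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Target
    )
    # Trust objects are stored in the source forest root domain.
    $trust = Get-ADTrust -Filter "Name -eq '$Target'" -Server $Source -ErrorAction Stop
    return [bool]($trust -and $trust.Direction -eq 'BiDirectional')
}

# Check every ordered pair so a trust missing on either side is caught.
$results = @(foreach ($a in $forests) {
    foreach ($b in $forests) {
        if ($a -eq $b) { continue }
        try {
            $ok = Test-BidirectionalForestTrust -Source $a -Target $b
        } catch {
            # An unreachable forest is treated as "no trust confirmed".
            Write-Warning "Could not query $a for trust to ${b}: $_"
            $ok = $false
        }
        [pscustomobject]@{ Source = $a; Target = $b; BiDirectional = $ok }
    }
})

$results | Format-Table -AutoSize

$missing = @($results | Where-Object { -not $_.BiDirectional })
if ($results.Count -gt 0 -and $missing.Count -eq 0) {
    'Every forest pair has a bi-directional trust: a single ADFS instance can serve all forests.'
} else {
    'At least one forest pair lacks a bi-directional trust: plan a separate ADFS instance per forest.'
}
```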