I tried to Google around, but I couldn't quite articulate my question in a Google-friendly way, so here I am.

We have Azure AD Connect provisioning and syncing users from our on-prem AD. Our on-prem AD DS domain is corp.local. Our Azure AD domain is corp.onmicrosoft.com. We've also validated our corp.com public-facing web/email domain in Azure AD so users can sign in with their email address, Hybrid Exchange, etc.

We have a partner organization that has user accounts in our on-prem AD to access a bunch of shared services. Their IT manages their own O365 and their domain is partnercorp.com. However, all their user accounts in our AD are also Mail Users in our on-prem Exchange with their partnercorp.com email address, so all their accounts in our corp.local AD have a corp.com and a partnercorp.com email alias.

We have recently started transitioning to O365. Because partnercorp is using O365 already, we'd ordinarily add them as guest users to our Azure AD so they can log in with their partnercorp.com O365 account and access Teams, SharePoint, etc. resources that we share with them. However, we can't do this because the partnercorp.com SMTP alias that syncs up via Azure AD Connect causes our Azure AD to complain that the user already exists, which they sort of do.

Is the best fix to just work with their IT to set up their Azure AD as a SAML IdP and set up an Organizational Relationship in Azure AD, or is there a nicer way to go about it? If we set up the SAML trust, what will happen with the existing users syncing up from our on-prem AD with the partnercorp.com SMTP alias?

Aunt Beth fucked around with this message at 22:41 on Apr 15, 2020
Apr 15, 2020 22:33
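An added example, not part of the original post, of the inventory check an admin would run before choosing between B2B guests and a federation trust: it lists which synced on-prem accounts carry a partnercorp.com proxy address and which Azure AD objects already hold one (and whether those are synced members or existing guests). It assumes the RSAT ActiveDirectory module and the Microsoft Graph PowerShell SDK are installed, that a Connect-MgGraph session with User.Read.All is already open, and it uses partnercorp.com from the post as the partner domain.

```powershell
# Added example (not from the original post). Assumptions: RSAT ActiveDirectory
# module, Microsoft.Graph PowerShell SDK, and an existing
# Connect-MgGraph -Scopes "User.Read.All" session.
$PartnerDomain = 'partnercorp.com'   # partner domain named in the post

# 1. On-prem side: every AD user whose proxyAddresses contains a partner-domain
#    address. These are the objects that collide with a B2B guest invitation
#    for the same address once Azure AD Connect has synced them.
$onPremHits = Get-ADUser -LDAPFilter "(proxyAddresses=*@$PartnerDomain)" `
    -Properties proxyAddresses, mail, userPrincipalName |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            UPN            = $_.UserPrincipalName
            PartnerAliases = ($_.proxyAddresses |
                Where-Object { $_ -like "*@$PartnerDomain" }) -join ';'
        }
    }

# 2. Cloud side: which Azure AD objects already hold a partner-domain alias, and
#    as what. UserType shows Member vs Guest; OnPremisesSyncEnabled shows whether
#    the object came from AD Connect. Server-side filtering on proxyAddresses
#    needs advanced query support, so the list is pulled and filtered locally.
$cloudUsers = Get-MgUser -All -Property UserPrincipalName, ProxyAddresses, UserType, OnPremisesSyncEnabled
$cloudHits = $cloudUsers | Where-Object {
        @($_.ProxyAddresses | Where-Object { $_ -like "*@$PartnerDomain" }).Count -gt 0
    } | Select-Object UserPrincipalName, UserType, OnPremisesSyncEnabled,
        @{ n = 'PartnerAliases'
           e = { ($_.ProxyAddresses | Where-Object { $_ -like "*@$PartnerDomain" }) -join ';' } }

# 3. Report. Every on-prem hit is an account that must be handled (alias removed,
#    object excluded from sync, or federated) before a guest with that address
#    can be invited.
"On-prem AD users with a $PartnerDomain alias: $(@($onPremHits).Count)"
$onPremHits | Format-Table -AutoSize
"Azure AD objects already holding a $PartnerDomain alias: $(@($cloudHits).Count)"
$cloudHits | Format-Table -AutoSize
```

Objects that appear in the second table with UserType Member and OnPremisesSyncEnabled True are exactly the "user already exists" conflicts the post describes; anything with UserType Guest was invited directly and does not come from AD Connect.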