AD Connect in Multi-Forest Environments

If your organization uses Active Directory (AD) for its identity management, and you would like to use those identities in Azure or Microsoft 365, then you will need to implement Azure Active Directory Connect.

This course is divided into three sections. The first section is on designing an identity strategy. In this section, we'll look at our AD identities and consider what work needs to be done and what we need to think about ahead of time. The second section is on implementing identity synchronization using AD Connect. We will consider what needs to be synced and what authentication options are available. In the last section, we'll look at managing identity synchronization using Azure AD Connect. We'll look at what it takes to manage and sync and reconfigure options after AD Connect has been initially configured.

Learning Objectives

  • Design a hybrid identity solution
  • Implement Azure Active Directory Connect
  • Manage synchronized identities

Intended Audience

  • Azure administrators
  • Microsoft 365 administrators


Prerequisites

  • Basic understanding of Active Directory and Office 365
  • To do the examples yourself, you will need an on-premises Active Directory structure and an Azure subscription

Up until now, we've been looking at Azure AD Connect in a single-forest environment. It supports multi-forest environments as well, but there are a few things we need to note before we get this configured. We need to make sure that we only have one server for all of the forests. This server doesn't have to be joined to any of the domains or any of the forests; it can be a standalone server. And we need to make sure that all of the users are uniquely identifiable across all of the domains and all of the forests.

This AD Connect server will need access to all of the forests so that it can synchronize them. It can be part of our on-premises network, or we can put the server in a perimeter network, as long as it has access to those forests.
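One way to check the uniqueness requirement described above before enabling sync, as an added example that is not part of the course material. It assumes userPrincipalName and mail are the attributes compared; the function name, forest names, and sample accounts are hypothetical and constructed for illustration.

```powershell
# Added example: report identifier values shared by more than one account
# across forests. Assumption: UPN and mail are the attributes that matter.
function Find-CrossForestCollision {
    param(
        [Parameter(Mandatory)] [object[]] $Users,
        [string[]] $Attributes = @('UserPrincipalName', 'Mail')
    )
    foreach ($attr in $Attributes) {
        $Users |
            # Empty attributes cannot collide, so skip them.
            Where-Object { -not [string]::IsNullOrWhiteSpace($_.$attr) } |
            # Compare case-insensitively and ignore stray whitespace.
            Group-Object -Property { ([string]$_.$attr).Trim().ToLowerInvariant() } |
            Where-Object { $_.Count -gt 1 } |
            ForEach-Object {
                [pscustomobject]@{
                    Attribute = $attr
                    Value     = $_.Name
                    Forests   = ($_.Group.Forest | Sort-Object -Unique) -join ', '
                    Accounts  = ($_.Group |
                        ForEach-Object { "$($_.Forest)\$($_.SamAccountName)" }) -join ', '
                }
            }
    }
}

# Constructed sample data standing in for one export per forest.
# Against live forests, build the same shape with (placeholder server name):
#   Get-ADUser -Server <dc-in-forest> -Filter * -Properties mail |
#     Select-Object @{n='Forest';e={'<forest-name>'}}, SamAccountName,
#                   UserPrincipalName, @{n='Mail';e={$_.mail}}
$users = @(
    [pscustomobject]@{ Forest = 'forest-a.example'; SamAccountName = 'asmith'
        UserPrincipalName = 'asmith@corp.example'; Mail = 'alex.smith@corp.example' }
    [pscustomobject]@{ Forest = 'forest-b.example'; SamAccountName = 'asmith2'
        UserPrincipalName = 'ASmith@corp.example'; Mail = 'a.smith@corp.example' }
    [pscustomobject]@{ Forest = 'forest-b.example'; SamAccountName = 'bjones'
        UserPrincipalName = 'bjones@corp.example'; Mail = 'alex.smith@corp.example' }
    [pscustomobject]@{ Forest = 'forest-a.example'; SamAccountName = 'svc-sync'
        UserPrincipalName = 'svc-sync@forest-a.example'; Mail = $null }
)

# Reports one UPN collision (asmith / asmith2) and one mail collision
# (asmith / bjones); svc-sync is unique and has no mail value.
Find-CrossForestCollision -Users $users | Format-List
```

Any row in the output is an account pair that needs to be renamed or consolidated before the forests are synchronized together.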

About the Author

Matt is a freelance system administrator with over 20 years of experience in IT. His current focus is on the great features of Microsoft Azure and Office 365. He’s always had a fascination for anything techie and loves learning and sharing that knowledge.