
Single Forest / Multiple domain - Single User / Exchange domain - Supported?


Hi,

Scenario:  Single Forest, Empty Root Domain, Two Additional Domain Trees.  Only one of the Domain Trees is considered in scope, as all users, groups, Exchange 2003 mailboxes etc. reside here.  The second domain tree will be decommissioned and the Forest Root Domain is empty, as per legacy Best Practice.  Looking to implement Exchange 2010 'On-Prem' in conjunction with 'Hybrid' and Office 365 for half the user base, to be located in Cloud.  Single Sign-On and directory sync required.

Question:  Is this a supported scenario?  I note documentation suggests that only Single Forest / Single Domain is currently supported using the 'Exchange Server Deployment Assistant', so given that we are only needing to consider a single domain in a single forest (although technically there are additional domains there), is this indeed supported and workable?  Please provide reference to any additional steps that need to be taken to get this to work, or clarify if this simply won't work right now.

Thank you!


Verified Answer
  • Hello MSEBlogger,

    Yes, that functionality should work without issue.  It isn't that Single Forest/Single Domain is the only supported scenario, it's that you can only federate a single domain using ADFS 2.0.  For an additional domain you'd need an additional ADFS farm.  This is something that should be fixed with an upcoming ADFS update to the service that'll let you use multiple domains, but in your case that isn't necessary as you need only set up Identity Federation (SSO) for the one domain that all of your users are currently housed on.
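
    The answer above hinges on one practical check: every user who is expected to get SSO must carry a UPN suffix matching the single domain that the ADFS 2.0 farm federates, and the tenant must show that same domain as Federated. The PowerShell below is an added example, not code from the thread or from Microsoft; it assumes the ActiveDirectory RSAT module and the MSOnline module of that era are installed, and uses `contoso.com` as a placeholder for the one in-scope domain.

    ```powershell
    # Added example (not from the original thread): inventory UPN suffixes across
    # every domain in the forest and compare them with the single domain that will
    # be federated with Office 365 through ADFS 2.0. Assumes the ActiveDirectory
    # (RSAT) and MSOnline modules are installed. 'contoso.com' is a placeholder.

    Import-Module ActiveDirectory

    $FederatedDomain = 'contoso.com'   # placeholder: the one domain you will federate

    # 1. List every domain in the forest, including the empty root and the tree that
    #    is going to be decommissioned. The forest-level UPN suffix list shows which
    #    suffixes users could be carrying besides their own domain name.
    $forest = Get-ADForest
    "Forest: {0}  (mode {1})" -f $forest.Name, $forest.ForestMode
    "Domains: " + ($forest.Domains -join ', ')
    "Forest UPN suffixes: " + ($forest.UPNSuffixes -join ', ')

    # 2. Group enabled users in each domain by UPN suffix. Anything other than
    #    $FederatedDomain will sync to the cloud but will not get SSO, because an
    #    ADFS 2.0 farm federates one domain; those accounts need a UPN change or
    #    a second farm before go-live.
    foreach ($domain in $forest.Domains) {
        Get-ADUser -Server $domain -Filter 'Enabled -eq $true' |
            Group-Object { ($_.UserPrincipalName -split '@')[-1] } |
            ForEach-Object {
                [pscustomobject]@{
                    Domain     = $domain
                    UpnSuffix  = $_.Name
                    Users      = $_.Count
                    WillGetSSO = ($_.Name -eq $FederatedDomain)
                }
            }
    }

    # 3. Tenant side: confirm the intended domain is the one marked Federated and
    #    inspect the federation settings that point at the ADFS farm.
    Import-Module MSOnline
    Connect-MsolService
    Get-MsolDomain | Select-Object Name, Status, Authentication
    Get-MsolDomainFederationSettings -DomainName $FederatedDomain
    ```

    Run the first two steps from a workstation joined to the in-scope domain before converting the domain; any row with `WillGetSSO` set to `False` is a user who will still be prompted for a cloud password after federation. Users whose `UserPrincipalName` attribute is empty show up with a blank `UpnSuffix` and need attention for the same reason.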

All Replies
  • Thank you Alex, just what I was looking for.