Our company recently bought another company. The bought company already has its own AD forest and its own Azure tenant. We now want to bring everyone onto the same tenant.
The current setup is like this:
The request is to have everyone on Tenant A. Everything from Tenant B will be migrated to Tenant A. We have already done this process in the past. Usually we created new user accounts in Forest A, which got synced to Tenant A, and thus we had objects on Tenant A onto which to migrate all the stuff from the other tenant.
But this time, instead of creating new user accounts on Tenant A, management wants to use the ability to sync one AD forest to multiple tenants, thus creating the accounts with exactly the same credentials and keeping the other company's access to their AD forest.
So the next step would be like this:
And once everything is migrated onto Tenant A it will be like this:
So the questions are:
1. In the "One AD to multiple tenants" scenario only one tenant can have the Exchange hybrid. In our case the Agent A (syncing Forest A and Forest B) has the Exchange Hybrid Deployment enabled. Can we use the same agent to have Forest C synced to Tenant A, but without Exchange Hybrid? Or do we need to create a third agent that syncs Forest C to Tenant A, but without Exchange Hybrid?
2. Since DomainC.com will be moved from Tenant C to Tenant A during migration, it will not be a verified domain on Tenant A before that. So every user we sync from Forest C will be as *** Email address is removed for privacy *** even though on the forest they are *** Email address is removed for privacy ***. Once DomainC.com becomes verified on Tenant A, will the UPN suffix for these users change from @TenantA.onmicrosoft.com to @DomainC.com automatically with the first sync after the domain is verified, or will it remain @TenantA.onmicrosoft.com? If it remains that way - how could we manually change that afterwards?