Hi - hope you can help. I have a pretty unique problem in our business and I'd like to check whether we can solve it with the AD connector for FIM. We have multiple AD forests in our business with trusts between them (about 10 forests!). We also have FIM implemented, with all objects in the 10 forests synchronised to a centralised directory with linked user objects. We are looking at moving to Office 365, but we realise that DirSync won't work with our 10 forests, so we would presumably need the AD connector for FIM combined with ADFS. Assuming that the AD connector can synchronise all the correct attributes to AD in Office 365, how does the authentication work? If a user logs in from their own forest, using their password in their local forest, what kind of ADFS architecture would one need? I.e., does the ADFS server look back to the source forest for that user? Can one ADFS server look back to every source forest if there are 10 of them? Does ADFS know that the user in the source forest is the same as the user in the unified directory that FIM updates? Hope this scenario makes sense. I guess my real question is whether I can have a hybrid solution with Office 365 and 10 forests where all the AD admin and password management is done in each source forest. Thanks in advance for any advice!