I'm the sole administrator for a small non-profit that has partnered with a larger organization. We're transitioning to a new local domain that's been integrated with Entra so we can utilize the necessary security features for compliance purposes with the larger organization.
Currently, my users log in to ad.myorg.com, but we also have access to free Office 365 through the larger organization (largeorg.com). However, I don't have any administrative access to largeorg.com. Most of the time, this setup works fine, but I occasionally have to remind users to sign out and log back in using their largeorg.com credentials.
Lately, it seems like the new domain I'm migrating users to is more stubborn and keeps trying to log in with ad.myorg.com accounts. I'm looking for any advice or solutions from anyone who may have experienced a similar setup. The larger organization has offered to let us be part of their AD, but our director insists on keeping everything separate.
Is there a more effective method I'm perhaps overlooking? Thanks in advance!
3 Answers
Is there a specific security or functional reason that the larger organization can't include you in their AAD Connect setup? If they did, it could give you a centralized source of truth for user identities and also allow for password write-back. However, I get that there might be valid concerns about sharing control over Entra.
Microsoft has a feature in preview that could potentially help with your situation. You might want to check out their authentication guide for using email sign-in with Entra. Just keep in mind that if you set up [email protected] as a proxy address, it might still default to logging in with their myorg.com account. You’d need to clarify how to manage the accounts to ensure they log into O365 with largeorg.com while using myorg.com for their desktops.
It sounds like the issue is related to the User Principal Names (UPN) not matching between your AD and Entra. If the UPNs were aligned, it could help resolve some of the login conflicts you’re experiencing. You might want to add the required UPN suffix in your AD to ensure they match up correctly with the Entra accounts.
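One way to carry out the UPN alignment suggested in the last answer, as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory module, a placeholder OU path, `largeorg.com` as the suffix to match, and that each user's name before the `@` is the same in both directories.

```powershell
# Added example (not from the thread). Reports, and optionally fixes, AD users whose
# UPN suffix differs from the suffix used by their Entra / Office 365 accounts.
param(
    [string]$TargetSuffix = 'largeorg.com',                    # suffix named in the question
    [string]$SearchBase   = 'OU=Staff,DC=ad,DC=myorg,DC=com',  # placeholder OU (assumption)
    [switch]$Apply                                             # omit for a dry run
)
Import-Module ActiveDirectory

# 1. Register the alternative UPN suffix on the forest if it is missing.
$forest = Get-ADForest
if ($forest.UPNSuffixes -notcontains $TargetSuffix) {
    Set-ADForest -Identity $forest -UPNSuffixes @{ Add = $TargetSuffix } -WhatIf:(-not $Apply)
}

# 2. Build a report of enabled users whose UPN suffix does not match.
$users  = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties UserPrincipalName
$report = foreach ($u in $users) {
    if (-not $u.UserPrincipalName) { continue }               # no UPN set: handle by hand
    $prefix, $suffix = $u.UserPrincipalName -split '@', 2
    if ($suffix -ieq $TargetSuffix) { continue }              # already aligned

    $proposed = "$prefix@$TargetSuffix"
    # A UPN must be unique in the forest, so flag collisions instead of overwriting.
    $clash = Get-ADUser -Filter "UserPrincipalName -eq '$proposed'"
    [pscustomobject]@{
        User        = $u
        CurrentUpn  = $u.UserPrincipalName
        ProposedUpn = $proposed
        Collision   = [bool]$clash
    }
}
$report | Select-Object CurrentUpn, ProposedUpn, Collision | Format-Table -AutoSize

# 3. Change only the collision-free accounts; -WhatIf stays on unless -Apply is given.
foreach ($row in $report | Where-Object { -not $_.Collision }) {
    Set-ADUser -Identity $row.User -UserPrincipalName $row.ProposedUpn -WhatIf:(-not $Apply)
}
```

Without `-Apply` the script only prints the mismatch table and the `-WhatIf` output. The `sAMAccountName` is left untouched; only the UPN-style sign-in name changes.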