Larger or distributed organizations often have environments with multiple on-premises Active Directory forests. These typically result from account/resource forest designs or from mergers and acquisitions. These rules need to be followed:
- Users have only one enabled account across all on-premises Active Directory forests
- UserPrincipalName and source anchor will be provided from the forest
- Users have only one mailbox
- Users that have a linked mailbox also have an account in a different forest
- There's no need to use Azure AD Connect on a domain-joined server
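
The single-enabled-account, single-mailbox and linked-mailbox rules above can be checked against exported account data before sync is configured. The following is an added example, not code from the original page; the record fields, the use of `mail` to match one person across forests, and the sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict

def row(forest, mail, enabled, mailbox, sid, master_sid=None):
    return {"forest": forest, "mail": mail, "enabled": enabled,
            "mailbox": mailbox, "sid": sid, "master_sid": master_sid}

# Constructed sample export, one row per AD account. Assumptions: "mail" joins
# the same person across forests; master_sid holds msExchMasterAccountSid.
ACCOUNTS = [
    row("account.example", "alice@example.com", True, False, "S-1-5-21-1-1101"),
    row("resource.example", "alice@example.com", False, True, "S-1-5-21-2-2101",
        master_sid="S-1-5-21-1-1101"),                 # valid linked mailbox
    row("account.example", "bob@example.com", True, False, "S-1-5-21-1-1102"),
    row("resource.example", "bob@example.com", True, False, "S-1-5-21-2-2102"),
    row("resource.example", "carol@example.com", False, True, "S-1-5-21-2-2103",
        master_sid="S-1-5-21-1-9999"),                 # master account not found
    row("account.example", "dave@example.com", True, True, "S-1-5-21-1-1104"),
    row("resource.example", "dave@example.com", False, True, "S-1-5-21-2-2104"),
]

def check_topology(accounts):
    """Return sorted (mail, violation) pairs for the rules listed above."""
    by_person = defaultdict(list)
    for acct in accounts:
        by_person[acct["mail"].lower()].append(acct)
    sid_to_forest = {a["sid"]: a["forest"] for a in accounts}

    findings = []
    for mail, accts in by_person.items():
        enabled = [a for a in accts if a["enabled"]]
        if len(enabled) > 1:
            findings.append((mail, f"{len(enabled)} enabled accounts, expected 1"))
        mailboxes = [a for a in accts if a["mailbox"]]
        if len(mailboxes) > 1:
            findings.append((mail, f"{len(mailboxes)} mailboxes, expected at most 1"))
        for a in mailboxes:
            if a["master_sid"] is None:
                continue  # regular mailbox, not a linked one
            owner_forest = sid_to_forest.get(a["master_sid"])
            if owner_forest is None or owner_forest == a["forest"]:
                findings.append((mail, "linked mailbox has no account in a different forest"))
    return sorted(findings)

if __name__ == "__main__":
    for mail, problem in check_topology(ACCOUNTS):
        print(f"{mail}: {problem}")
```
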

The following diagram shows the account/resource forest scenario: