We have two AD forests, e.g. ADF1 and ADF2. Primarily, we want users to authenticate against a domain in the ADF1 forest. However, in case the ADF1 domain is down or unavailable, we want users to authenticate against a different domain in the ADF2 forest.
To achieve this we plan to maintain similar (or, later, auto-replicated) identities on both ADF1->domainX and ADF2->domainY.
Having the same identity in two different AD forest domains, we now want to achieve password synchronization between the primary (ADF1) and secondary (ADF2) AD forest domains.
Please advise whether this is achievable, and what is required to do so.
I would make sure that ADF1->domainX is resilient and doesn’t go down rather than trying to synchronize identities and passwords between the two domains. If you plan and manage AD correctly, it should always be available. And make sure you have a tried and tested recovery plan for worst case scenarios. Even if you did synchronize identities and passwords to the other domain, users still wouldn’t be able to log in to ADF2->domainY without you changing the domain membership of each device in ADF1->domainX.
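The answer above argues for making ADF1->domainX itself resilient rather than synchronizing passwords to a second forest. The following PowerShell script is an added example, not part of the original thread, showing the checks an administrator would run to confirm that: it enumerates the domain controllers of one domain, verifies that at least two are reachable on LDAP and that they are not all in a single AD site, reports which DCs hold the FSMO roles, and confirms that the local device's secure channel to its own domain is healthy (the "domain membership" point the answer raises). It assumes the RSAT ActiveDirectory module is installed, that the caller has read access to the domain, and that the domain name `domainX.adf1.example` is a placeholder you replace with your own.

```powershell
# Added example for auditing single-domain resilience (not from the original post).
# Assumptions: RSAT ActiveDirectory module present; read access to the target domain;
# 'domainX.adf1.example' is a placeholder domain name.
Import-Module ActiveDirectory

function Test-DomainResilience {
    param(
        [Parameter(Mandatory)] [string] $DomainName,
        [int] $MinimumDcCount = 2
    )

    $findings = New-Object System.Collections.Generic.List[string]

    # Domain object carries the domain-level FSMO role holders.
    $domain = Get-ADDomain -Identity $DomainName
    $dcs    = Get-ADDomainController -Filter * -Server $DomainName

    # Probe each DC on LDAP (389); a DC that does not answer cannot authenticate anyone.
    $reachable = @()
    foreach ($dc in $dcs) {
        $up = Test-NetConnection -ComputerName $dc.HostName -Port 389 -InformationLevel Quiet
        if ($up) { $reachable += $dc } else { $findings.Add("DC $($dc.HostName) not reachable on 389") }
    }

    if ($reachable.Count -lt $MinimumDcCount) {
        $findings.Add("Only $($reachable.Count) reachable DC(s); need at least $MinimumDcCount")
    }

    # All DCs in one site means one site outage takes the whole domain down.
    $sites = $reachable | Select-Object -ExpandProperty Site -Unique
    if ($sites.Count -lt 2) {
        $findings.Add("All reachable DCs are in a single site: $($sites -join ',')")
    }

    # FSMO role holders must be among the reachable DCs, or password changes,
    # RID allocation and cross-domain references start failing.
    $roles = @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $roles.Keys) {
        $holder = $roles[$role]
        if (-not ($reachable.HostName -contains $holder)) {
            $findings.Add("$role holder $holder is not among reachable DCs")
        }
    }

    # Secure channel check only applies when this machine is a member of the domain
    # being audited; it reflects the device-membership issue from the answer.
    $localDomain = (Get-CimInstance Win32_ComputerSystem).Domain
    if ($localDomain -ieq $DomainName) {
        if (-not (Test-ComputerSecureChannel)) {
            $findings.Add("Local machine secure channel to $DomainName is broken")
        }
    } else {
        $findings.Add("Local machine is joined to '$localDomain', not '$DomainName'; devices there cannot log on to this domain without a domain change")
    }

    [pscustomobject]@{
        Domain       = $DomainName
        DcCount      = $dcs.Count
        ReachableDcs = $reachable.HostName
        Sites        = $sites
        Findings     = $findings
        Resilient    = ($findings.Count -eq 0)
    }
}

# Usage (placeholder domain name):
# Test-DomainResilience -DomainName 'domainX.adf1.example' | Format-List
```

A non-empty `Findings` list is the action list for the resilience and recovery planning the answer recommends: add a DC in a second site, move a role off an unreachable holder, or repair the secure channel, before considering any cross-forest identity or password synchronization.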