Enabling Multi-Forest Group Membership Coexistence in Entra ID during a Staged Active Directory Migration
During a multi-forest staged migration, where Domain A (source) and Domain B (target) were both synchronizing into a single Entra ID tenant via Entra Connect, we encountered a membership synchronization issue with mail-enabled distribution groups. Although users were successfully matched across forests using ms-ds-consistencyguid, mail-enabled group memberships did not merge. Instead, only one forest’s membership list was applied in Entra ID—regardless of where users actually existed or were migrated. This post explains why that happens, and the precise fix that resolved the issue. ...