
I am trying to set in order the Azure Subscription of the company where I work. Long story short, I have to deal with two Azure Active Directories. The first one is the main AAD (we will call it "MasterAD") where all the resources are deployed (servers, DBs, etc.). The second one is a development-purpose AAD ("DevAD"). In the DevAD there are two "App registrations" that we use to log our clients in to our web applications. I would like to move those App registrations to the MasterAD. This way I could manage all the resources in one place without jumping between ADs (and remembering what is located where). Is it possible to do that without changing the Applications' IDs/Keys? I would not want to ask all my clients to grant permissions again for a "new" App registration.


1 Answer


You can't move the application object and keep the IDs. The IDs will change.

I would do this:

  1. Create new apps in MasterAD
  2. Make sure all existing users are in MasterAD (as members or guests)
  3. Change apps to use MasterAD instead, with the new client ID / authority / keys

One thing to keep in mind is that users' object IDs are different in each directory. A user added as a guest to another directory has a different unique ID there. If you have tied data to user object IDs in a database etc., you'll have to prepare a migration to change those IDs all at once.
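The "change those IDs all at once" step in the answer above is where most of the risk sits, so here is an added example of how that migration can be done safely. This is not code from the original post or from Microsoft; it assumes a constructed app database whose rows carry a DevAD object ID in an `owner_oid` column, and it assumes the `mail` attribute is the stable key for matching a DevAD user to the same person in MasterAD (a guest's UPN in the target tenant is rewritten to the `name_domain#EXT#@tenant` form, so the UPN is not a safe join key, and the object ID is different by design). The directory exports are constructed sample data standing in for what you would pull from Microsoft Graph in each tenant.

```python
import sqlite3

# Constructed sample exports from each directory: (mail, objectId).
# Assumption: mail is the attribute that survives the move; object IDs never do.
DEVAD_USERS = [
    ("alice@contoso.com", "11111111-1111-4111-8111-111111111111"),
    ("bob@contoso.com",   "22222222-2222-4222-8222-222222222222"),
    ("carol@contoso.com", "33333333-3333-4333-8333-333333333333"),
]
MASTERAD_USERS = [
    ("alice@contoso.com", "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"),
    ("bob@contoso.com",   "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb"),
    # carol has not been invited to MasterAD yet (step 2 of the answer is incomplete)
]
CAROL_MASTERAD = ("carol@contoso.com", "cccccccc-cccc-4ccc-8ccc-cccccccccccc")


def build_oid_map(old_users, new_users):
    """Return (old_oid -> new_oid, [old_oids that have no counterpart in new_users])."""
    new_by_mail = {}
    for mail, oid in new_users:
        key = mail.lower()
        if key in new_by_mail:
            raise ValueError(f"duplicate mail in target directory: {mail}")
        new_by_mail[key] = oid
    mapping, missing = {}, []
    for mail, old_oid in old_users:
        new_oid = new_by_mail.get(mail.lower())
        if new_oid is None:
            missing.append(old_oid)
        else:
            mapping[old_oid] = new_oid
    return mapping, missing


def sample_db():
    """Constructed application database whose rows are tied to DevAD object IDs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, title TEXT, owner_oid TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO documents (title, owner_oid) VALUES (?, ?)",
        [("q1 report", DEVAD_USERS[0][1]), ("budget", DEVAD_USERS[1][1]),
         ("roadmap", DEVAD_USERS[2][1]), ("notes", DEVAD_USERS[0][1])],
    )
    conn.commit()
    return conn


def migrate_owner_oids(conn, mapping):
    """Rewrite owner_oid from DevAD IDs to MasterAD IDs in a single transaction.

    Refuses to touch anything if any row references an ID with no mapping,
    so the table is never left half-migrated.
    """
    referenced = {row[0] for row in conn.execute("SELECT DISTINCT owner_oid FROM documents")}
    unmapped = sorted(referenced - set(mapping))
    if unmapped:
        raise RuntimeError(f"refusing to migrate, no MasterAD ID for: {unmapped}")
    with conn:  # commits on success, rolls back on any exception
        conn.execute("CREATE TEMP TABLE IF NOT EXISTS oid_map (old TEXT PRIMARY KEY, new TEXT NOT NULL UNIQUE)")
        conn.execute("DELETE FROM oid_map")
        conn.executemany("INSERT INTO oid_map (old, new) VALUES (?, ?)", list(mapping.items()))
        # One set-based UPDATE through the lookup table, rather than one UPDATE per ID,
        # so a value can never be rewritten twice if a new ID happened to equal an old one.
        cur = conn.execute(
            "UPDATE documents SET owner_oid = (SELECT new FROM oid_map WHERE old = documents.owner_oid)"
            " WHERE owner_oid IN (SELECT old FROM oid_map)"
        )
        return cur.rowcount


def owners(conn):
    """Distinct owner IDs currently stored, sorted, for before/after checks."""
    return sorted(row[0] for row in conn.execute("SELECT DISTINCT owner_oid FROM documents"))


if __name__ == "__main__":
    conn = sample_db()
    mapping, missing = build_oid_map(DEVAD_USERS, MASTERAD_USERS)
    print("missing before invite:", missing)  # carol's DevAD ID; migration would refuse
    mapping, missing = build_oid_map(DEVAD_USERS, MASTERAD_USERS + [CAROL_MASTERAD])
    print("rows rewritten:", migrate_owner_oids(conn, mapping))
    print("owners now:", owners(conn))
```

Run the pre-flight (`build_oid_map`) against the real exports first and only cut over once `missing` is empty; the migration is deliberately all-or-nothing because a half-rewritten table means some users see their data under the old tenant's ID and some under the new one, and neither your app's new MasterAD authority nor the old DevAD tokens will match both halves.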