Forum Discussion
Change ADconnect to disable Alternate Login ID
Hi Stefan,
If I understand correctly then the required settings for UPN are set as well (@contoso.com) and you should be able to disable the alternate ID by running the following command:
Set-AdfsClaimsProviderTrust -Target Identifier "AD AUTHORITY" -AlternateLoginID $NULL -LookupForests $NULL
No additional settings are needed for ADConnect when disabling the Alternate ID.
See also https://technet.microsoft.com/en-us/library/dn659436.aspx
Hi Mike,
sorry to bring this threat up again. I am not only talking about the ADFS part but mainly the Azure AD Connect setting which can only be specified during initial installation as it seems. Any idea?
Stefan
Hi Stefan,
AD Connect uses a couple of ways to mactch users from AD with AAD, even when reinstalling the product it tries to match users again with users that already have been synced previously. This is usually done with the immutable ID from AD which is by default the ObjectGUID as SourceAnchor from AD. If you need to change the setup then I would recommend to uninstall AD Connect competely and then reinstall it using the needed settings. Be sure to first check the current configuration first and verify that the ObjectGUID is indeed the SourceAnchor.
If that is the case then you can proceed and uninstall AD Connect, then reinstall it again and select the needed Login ID settings.
Good morning, thanks for the reply, I have just received same information from MS, no way tro change afterwards, plainly need to reinstall or use a second AD Connect machine and use staging to change. Will keep u posted ones completed, will need to evaluate first as we are in production already :-(
