First published on TechNet on Feb 06, 2017
Hi all! I am Bill Kral, a Microsoft Premier Field Engineer, here again, this time to give you the steps to convert your on-premises Managed domain to a Federated domain in your Azure AD tenant. Here is the link to my previous blog on how to convert from a Federated to a Managed domain: Convert a Federated Domain in Azure AD to Managed and Use Password Sync – Step by Step https://blogs.technet.microsoft.com/askpfeplat/2016/12/19/convert-a-federated-domain-in-azure-ad-to...

There are several ways to let users sign in to Azure AD with their on-premises passwords. You can use ADFS, Azure AD Connect Password Sync from your on-premises accounts, or simply assign passwords directly to the cloud accounts. In addition, Azure AD Connect Pass-Through Authentication is currently in preview, giving you yet another option for logging on and authenticating.

So, why would you convert your domain from Managed to Federated? Maybe you finally decided to invest in an ADFS environment. Maybe your company decided that storing passwords in the cloud goes against company policy, even though what Azure AD really stores is the hash of the hash of the password (a salted, iterated hash derived from the on-premises NT hash, never the password itself), and you may have your own reasons beyond that. Either way, we'll discuss how to get from a Managed domain to a Federated domain in your Azure AD environment.
Let's set the stage so you can follow along:

The on-premises Active Directory domain in this case is US.BKRALJR.INFO
The Azure AD tenant is BKRALJRUTC.onmicrosoft.com
We are using Azure AD Connect for directory synchronization (Password Sync is currently enabled)
We have set up an ADFS environment to federate the domain with the Azure AD tenant

Before we start, you will need the following installed on your ADFS server to connect to your Azure AD tenant:

Microsoft Online Services Sign-In Assistant for IT Professionals RTW https://www.microsoft.com/en-us/download/details.aspx?id=41950
Windows Azure Active Directory Module for Windows PowerShell .msi http://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=59185
That is pretty much it!!! Now, if you were replicating your passwords to Azure AD (or, as most Microsoft folks like to say, the hash of the hash of the password), you may keep doing so to use as an authentication "backup" should your ADFS environment fail. Be aware that this backup does not kick in automatically: while the domain is federated, Azure AD redirects every sign-in to ADFS, and the synced password hashes are only used once you convert the domain back to Managed, which a PowerShell command will do for you when it is needed!!! If you intend to stop replicating your on-premises passwords to your Azure AD tenant, that can be accomplished through your Azure AD Connect configuration setup!!! Once again, thanks for reading!!!
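Since the post describes the conversion and the Password Sync fallback without showing the cmdlets, here is an added PowerShell walkthrough of both (my example, not code from the original post). It assumes the Windows Azure AD Module (MSOnline) is installed, that it is run on the ADFS server, that ADFS01.us.bkraljr.info is the primary ADFS server (an assumed host name), and that the account used is a Global Administrator in BKRALJRUTC.onmicrosoft.com. The fallback step is commented out because it should only be run when ADFS is actually down.

```powershell
# Added example (not from the original post): federate US.BKRALJR.INFO from the
# ADFS server, verify the result from both sides, and show the fallback to
# Managed that makes Azure AD use the synced password hashes if ADFS fails.
# Assumptions: MSOnline module installed, run on the primary ADFS server
# (ADFS01.us.bkraljr.info is an assumed name), Global Admin credentials.

Import-Module MSOnline

# 1. Connect to the tenant; you are prompted for Global Administrator credentials.
Connect-MsolService

# 2. Point the MSOnline federation cmdlets at the ADFS server that will own the
#    Azure AD relying party trust.
Set-MsolADFSContext -Computer ADFS01.us.bkraljr.info

# 3. Record the state before conversion; expect Authentication : Managed.
Get-MsolDomain -DomainName us.bkraljr.info | Select-Object Name, Status, Authentication

# 4. Convert the domain. This writes the federation settings (issuer URI,
#    passive/active sign-in endpoints, token-signing certificate) into Azure AD
#    and creates the Microsoft Office 365 Identity Platform relying party trust
#    on the ADFS farm.
Convert-MsolDomainToFederated -DomainName us.bkraljr.info

# 5. Verify: Azure AD must now report Federated, and the federation settings it
#    holds (including the signing certificate) must match what ADFS is using.
Get-MsolDomain -DomainName us.bkraljr.info | Select-Object Name, Status, Authentication
Get-MsolDomainFederationSettings -DomainName us.bkraljr.info | Format-List

# 6. Emergency fallback when ADFS is unavailable and Password Sync was left on.
#    Converting back to Managed makes Azure AD authenticate with the synced
#    password hashes. Using -SkipUserConversion $true here is my assumption for
#    the Password Sync case: it leaves the user objects alone instead of giving
#    them random cloud passwords (which would be written to -PasswordFile).
#    Verify this behaviour in a test tenant before relying on it in production.
# Convert-MsolDomainToStandard -DomainName us.bkraljr.info -SkipUserConversion $true -PasswordFile C:\Temp\us-bkraljr-info-passwords.txt
```

Check step 5 carefully before telling users to sign in: if the token-signing certificate Azure AD holds does not match the one ADFS presents (for example after an ADFS certificate rollover), federated sign-ins fail even though the domain shows as Federated.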