Apr 30 2018
11:11 AM
- last edited on
Feb 10 2023
02:34 PM
by
TechCommunityAP
Hi Team,
We currently have ADFS (ADFS is running on Windows 2016) in place for around 100 users authenticating to 365 using a single domain, 'domain1.com'; we have federated it and enabled SSO.
We now need to federate additional domains, 'domain2.com' and 'domain3.com'.
The new domains have been added and verified in 365, so they now show as managed domains.
The original domain1.com did not have the -SupportMultipleDomain switch used when it was converted to a federated domain.
What do we need to do here?
Should we remove the Microsoft Online trust from the AD FS federation server Management Console
and then update the original domain? I assume it will be done during non-business hours.
Password sync is enabled and we do not want to change users' passwords.
What will be the impact on the 100 or more current users of the original domain1.com
if we delete the Microsoft Office 365 Identity Platform entry from our AD FS federation server Management Console? Please explain the impact on the production users.
Thanks!
Jul 05 2018 08:26 AM
Hi,
I've done this many times and there really isn't a long out-of-service period, maybe 1 minute or so.
# Connect to Office 365
Connect-MsolService
# Tell Office 365 which ADFS server to use. Must be the primary ADFS server if using the Windows Internal Database
Set-MsolADFSContext -Computer <PrimaryADFSServer>
# Convert domain to standard without converting users.
Convert-MsolDomainToStandard -DomainName <yourdomain> -PasswordFile pwd.txt -SkipUserConversion $true
# Convert domain back to federated
Convert-MsolDomainToFederated -DomainName <yourdomain> -SupportMultipleDomain
# On secondary ADFS servers, restart the ADFS service to pick up the updated config data
Restart-Service ADFSSrv
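As an added worked example (not the poster's script), here is the same procedure wrapped in pre-flight and post-change checks, so that the impact on the existing domain1.com users is recorded before anything changes and the multi-domain federation can be verified afterwards. It assumes the MSOnline module (Connect-MsolService and related cmdlets) is installed, that it runs on the primary AD FS server, and that the server name, password-file path and domain list are placeholders to be replaced.

```powershell
# Added example, not the poster's script: re-federate domain1.com with
# -SupportMultipleDomain and federate the two new domains, with checks
# before and after. Assumes the MSOnline module is installed and this runs
# with AD FS admin rights. All names below are placeholders.
$Domains      = @('domain1.com', 'domain2.com', 'domain3.com')
$PrimaryAdfs  = 'adfs01.corp.example'   # placeholder: primary AD FS server (WID farm)
$PasswordFile = 'C:\Temp\pwd.txt'       # required by the cmdlet; stays empty with -SkipUserConversion

Connect-MsolService
Set-MsolADFSContext -Computer $PrimaryAdfs

# Pre-flight: record authentication type, user count and current IssuerUri per domain,
# so the number of affected users and the rollback state are known before the change.
foreach ($d in $Domains) {
    $dom   = Get-MsolDomain -DomainName $d
    $users = (Get-MsolUser -DomainName $d -All | Measure-Object).Count
    Write-Host ("{0}: Authentication={1} Status={2} Users={3}" -f $d, $dom.Authentication, $dom.Status, $users)
    if ($dom.Authentication -eq 'Federated') {
        $fs = Get-MsolDomainFederationSettings -DomainName $d
        Write-Host ("    IssuerUri before: {0}" -f $fs.IssuerUri)
    }
}

# Step 1: the already-federated domain must go back to managed first, because
# -SupportMultipleDomain gives it a new, domain-specific IssuerUri.
# -SkipUserConversion keeps cloud passwords untouched (password sync stays in place).
Convert-MsolDomainToStandard -DomainName 'domain1.com' -PasswordFile $PasswordFile -SkipUserConversion $true

# Step 2: federate every domain with the multi-domain switch. The Office 365
# relying party trust receives an issuerid claim rule keyed on the UPN suffix.
foreach ($d in $Domains) {
    Convert-MsolDomainToFederated -DomainName $d -SupportMultipleDomain
}

# Step 3: secondary farm nodes only read the new trust config after a restart.
# Run this on each secondary node (or via Invoke-Command against them).
Restart-Service adfssrv

# Post-check: each domain should be Federated with its own IssuerUri, and the
# trust should carry the issuerid transform rule; otherwise the added domains
# will fail sign-in while domain1.com may still work.
foreach ($d in $Domains) {
    $fs = Get-MsolDomainFederationSettings -DomainName $d
    Write-Host ("{0}: IssuerUri after: {1}" -f $d, $fs.IssuerUri)
}
$rp = Get-AdfsRelyingPartyTrust -Name 'Microsoft Office 365 Identity Platform'
if ($rp.IssuanceTransformRules -match 'issuerid') {
    Write-Host 'issuerid claim rule present on the Office 365 trust'
} else {
    Write-Warning 'issuerid claim rule missing: verify the -SupportMultipleDomain conversion before users sign in'
}
```

The pre-flight output is what answers the "impact on production users" question: the user count for domain1.com is the population that sees the brief sign-in interruption between step 1 and step 2, which is why the whole block is run inside one maintenance window rather than deleting the trust from the AD FS console by hand.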