cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Add Support for Multiple Domains for federation with O365

Manmeet Singh
Copper Contributor

‎Apr 30 2018 11:11 AM - last edited on ‎Feb 10 2023 02:34 PM by

‎Apr 30 2018 11:11 AM - last edited on ‎Feb 10 2023 02:34 PM by

Add Support for Multiple Domains for federation with O365

Hi Team,

 

We currently have ADFS (ADFS is running on Windows 2016) in place for around 100 users auth to 365 using a single domain 'domain1.com', we have federated it and enabled SSO.

 

We now need to federate additional domains - 'domain2.com and domain3.com'

   The new domains have been added and verified in 365 so now show as managed domains

 

The original domain1.com  did not have the -supportmultipldomains switch used when it was converted to a federated domain. 

What do we need to do here?  

Should we remove the Microsoft Online trust from AD FS federation server Management Console?

and then update original domain . Though, i assume it will be done during non-business hours.

Password synch is enabled and we do not want to change passwords of users.
What will be the Impact on 100 or more current users of The original domain1.com,
if we delete the Microsoft Office 365 Identity Platform entry from our AD FS federation server Management Console? Please explain the impact on the Production Users.

Thanks!

12.4K Views
0 Likes
3 Replies
Reply
3 Replies
Loryan Strant

‎Apr 30 2018 10:21 PM

‎Apr 30 2018 10:21 PM

Re: Add Support for Multiple Domains for federation with O365

Unfortunately you will have to switch back to standard domain, and then run the command again with the switch this time.
You definitely want to do this during non-business hours.
0 Likes
Reply
Manmeet Singh

‎May 01 2018 12:03 AM

‎May 01 2018 12:03 AM

Re: Add Support for Multiple Domains for federation with O365

We now need to federate additional domains - 'domain2.com and domain3.com'

The new domains have been added and verified in 365 so now show as managed domains



Thanks for your reply.
Password synch is enabled and we do not want to change passwords of users.
What will be the Impact on 100 or more current users of The original domain1.com,
if we delete the Microsoft Office 365 Identity Platform entry from our AD FS federation server Management Console? Please explain the impact on the Production Users.

Thanks!
0 Likes
Reply
Nestori Syynimaa

‎Jul 05 2018 08:26 AM

‎Jul 05 2018 08:26 AM

Re: Add Support for Multiple Domains for federation with O365

Hi,

I've done this many times and there really isn't a long out-of-service period, maybe 1 minute or so.

 

# Connect to Office 365
Connect-MsolService

# Tell to Office 365 what ADFS server to use. Must be the primary ADFS Server if using Windows Internal DB
Set-MsolADFSContext -Computer <PrimaryADFSServer>

# Convert domain to standard without converting users.
Convert-MsolDomainToStandard -DomainName <yourdomain> -PasswordFile pwd.txt -SkipUserConversion $true
# Convert domain back to federated
Convert-MsolDomainToFederated -DomainName <yourdomain> -SupportMultipleDomain

# In secondary ADFS servers, restart ADFS service to update the config data
Restart-Service ADFSSrv

 

1 Like
Reply