4th March 2014, 02:16 PM #1
Applying ADFS in Office 365
We will be switching from DirSync with passwords to ADFS. I have got my servers set up, really easy to do by the way! When I finish off and tell Office 365 we have ADFS, I assume I disable password sync in DirSync?
Last edited by FN-GM; 4th March 2014 at 02:39 PM.
4th March 2014, 06:50 PM #2
When you are ready to convert your domain from managed to federated, I recommend the following steps [high level]:
- Disable Password Sync [you do this by re-running the configuration wizard and unchecking the password sync option]
- Logon to AD FS Server, Launch PowerShell
- Connect to Office 365 and then run the commands to convert the domain, to create the Relying Party etc.
4th March 2014, 07:06 PM #3
Cheers, thought so, just wanted to be sure. To convert them it's just a case of doing this in PowerShell?
Set-MsolADFSContext <server name>
Convert-MsolDomainToFederated -DomainName example.com -SupportMultipleDomains:$true
4th March 2014, 07:23 PM #4
The PowerShell Commands would be as follows
Set-MSOLAdfscontext <Server Name>
Convert-MsolDomaintoFederated -DomainName contoso.com -supportmultipledomain
NOTE: You only need support multiple domain if you plan on adding multiple top-level domains.
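The steps from posts #2 and #4 as one script, with a check before and after each conversion. This is an added example, not code posted by anyone in the thread; the server and domain names are placeholders, and it assumes the MSOnline module is installed and password sync has already been disabled in DirSync.

```powershell
# Added example. Assumes the MSOnline module and an account with rights on
# both the Office 365 tenant and the AD FS farm.
Import-Module MSOnline

$AdfsServer = 'adfs01.contoso.local'            # placeholder primary AD FS server
$Domains    = @('contoso.com', 'fabrikam.com')  # constructed sample domains

Connect-MsolService -Credential (Get-Credential -Message 'Office 365 global admin')
Set-MsolADFSContext -Computer $AdfsServer

foreach ($name in $Domains) {
    $domain = Get-MsolDomain -DomainName $name -ErrorAction Stop

    # Only convert domains that are verified and still managed.
    if ($domain.Status -ne 'Verified') {
        Write-Warning "$name is not verified in this tenant; skipping."
        continue
    }
    if ($domain.Authentication -eq 'Federated') {
        Write-Host "$name is already federated; skipping."
        continue
    }

    # -SupportMultipleDomain is used because more than one top-level domain
    # is federated against the same AD FS farm.
    Convert-MsolDomainToFederated -DomainName $name -SupportMultipleDomain -ErrorAction Stop

    # Confirm the tenant now reports the domain as federated.
    $after = Get-MsolDomain -DomainName $name
    if ($after.Authentication -ne 'Federated') {
        throw "$name still reports '$($after.Authentication)' after conversion."
    }

    # Show both sides of the trust (AD FS and Office 365) for review.
    Get-MsolFederationProperty -DomainName $name |
        Format-List Source, FederationServiceIdentifier, PassiveClientSignInUrl, TokenSigningCertificate
}
```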
4th March 2014, 07:37 PM #5
So it's the same as I put (ish). We do have more than 1 domain.
Would you do the same if you wanted to do the same for a completely separate Office 365 tenant but the users stay on the same domain? Or will it stuff things up?
Last edited by FN-GM; 4th March 2014 at 07:40 PM.
4th March 2014, 08:17 PM #6
Originally Posted by FN-GM
If you have more than one domain that you want to federate in the same tenant then you need to use the supportmultipledomain syntax in the command.
You are not able to add the same vanity domain into a different tenant, you would have to remove it from the first tenant beforehand.
4th March 2014, 08:20 PM #7
I don't mean add the same public domain, I mean the same Windows domain.
If I had 2 separate Office 365 tenants. They use their own public domains. They share a Windows domain. How do I sort ADFS to work with the 2 separate tenants on one Windows domain please?
Last edited by FN-GM; 4th March 2014 at 08:26 PM.
5th March 2014, 01:32 AM #8
So, in this scenario you would basically need to ensure that you only synchronized the users to the respective tenant, using OU Filtering for example... then you would need to create 2 separate AD FS Instances (different service account, different STS endpoint etc.) and then you would add one federated domain to instance A and then the other federated domain to instance B.
Originally Posted by FN-GM
I have a very similar setup for repro purposes...
5th March 2014, 08:51 AM #9
When you say 2 instances, do you mean on the same ADFS servers or a new set of servers? Cheers
Last edited by FN-GM; 5th March 2014 at 08:55 AM.
5th March 2014, 02:32 PM #10
They will need to be separate instances (as in separate servers) as you can't have two relying parties with the same identifier on the same instance.
6th March 2014, 10:24 AM #11
Are you sure?
Originally Posted by EduTech
I don't have the time to test, but I'm pretty sure that you can have a single AD FS farm serving multiple TLDs and I can't find any documentation that differentiates between multiple TLDs in a single tenant, or across many.
My brain might be forgetting stuff though, it's been a while now since I last looked at this and as much as I'd love to dive into my test rig I am focused on Windows now!
6th March 2014, 02:13 PM #12
Yeah, so basically if you do not federate the top level domain, each sub-domain will be classed as a root domain in terms of Office 365. If you federate sub-domain A to 1 AD FS Server then when you attempt to add Sub-Domain B to the same server it will error...
Originally Posted by jamesbmarshall
This is if I am understanding what the question is here correctly. My brain is also fried at the moment #BUSY!