  1. #1

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,108
    Thank Post
    891
    Thanked 1,753 Times in 1,512 Posts
    Blog Entries
    12
    Rep Power
    458

    Applying ADFS in Office 365

    Hiya,

    We will be switching from the DIR Sync with passwords to ADFS. I have got my servers set up, really easy to do by the way! When I finish off and tell Office 365 we have ADFS I assume I disable password sync in DIRSYNC?

    Thanks
    Last edited by FN-GM; 4th March 2014 at 01:39 PM.

  2. #2

    EduTech's Avatar
    Join Date
    Aug 2007
    Location
    Reading
    Posts
    5,071
    Thank Post
    160
    Thanked 934 Times in 730 Posts
    Blog Entries
    3
    Rep Power
    274
    Hi,

    When you are ready to convert your domain from managed to federated, I recommend the following steps [high level]:

    - Disable Password Sync [you do this by re-running the configuration wizard and unchecking the password sync option]
    - Log on to the AD FS server, launch PowerShell
    - Connect to Office 365 and then run the commands to convert the domain, to create the Relying Party etc.

    Regards,
    James.

  3. #3

    FN-GM's Avatar
    Cheers, thought so, just wanted to be sure. To convert them it's just a case of doing this in PowerShell?

    Set-MsolADFSContext <server name>
    Convert-MsolDomainToFederated -DomainName example.com -SupportMultipleDomain:$true

    Thanks again.

  4. #4

    EduTech's Avatar
    The PowerShell commands would be as follows:

    Connect-MsolService
    Set-MsolADFSContext <Server Name>
    Convert-MsolDomainToFederated -DomainName contoso.com -SupportMultipleDomain

    NOTE: you only need support multiple domain if you plan on adding multiple top-level domains.

    Thanks,
    James.

  5. #5

    FN-GM's Avatar
    So it's the same as I put (ish). We do have more than 1 domain.

    Would you do the same if you wanted to do the same for a completely separate Office 365 tenant but the users stay on the same domain? Or will it stuff things up?

    Cheers pal.
    Last edited by FN-GM; 4th March 2014 at 06:40 PM.

  6. #6

    EduTech's Avatar
    Quote Originally Posted by FN-GM View Post
    So it's the same as I put (ish). We do have more than 1 domain.

    Would you do the same if you wanted to do the same for a completely separate Office 365 tenant but the users stay on the same domain? Or will it stuff things up?

    Cheers pal.
    Hi,

    If you have more than one domain that you want to federate in the same tenant then you need to use the supportmultipledomain syntax in the command.

    You are not able to add the same vanity domain into a different tenant; you would have to remove it from the first tenant beforehand.

    James.

  7. #7

    FN-GM's Avatar
    Hi,

    I don't mean add the same public domain, I mean the same Windows domain.

    If I had 2 separate Office 365 tenants. They use their own public domains. They share a Windows domain. How do I sort ADFS to work with the 2 separate tenants on one Windows domain please?

    Cheers
    Last edited by FN-GM; 4th March 2014 at 07:26 PM.

  8. #8

    EduTech's Avatar
    Quote Originally Posted by FN-GM View Post
    Hi,

    I don't mean add the same public domain, I mean the same Windows domain.

    If I had 2 separate Office 365 tenants. They use their own public domains. They share a Windows domain. How do I sort ADFS to work with the 2 separate tenants on one Windows domain please?

    Cheers
    So, in this scenario you would basically need to ensure that you only synchronized the users to the respective tenant using OU filtering, for example... then you would need to create 2 separate AD FS instances (different service account, different STS endpoint etc.) and then you would add one federated domain to instance A and then the other federated domain to instance B.

    I have a very similar setup for repro purposes...

    James.

  9. #9

    FN-GM's Avatar
    When you say 2 instances, do you mean on the same ADFS servers or a new set of servers? Cheers
    Last edited by FN-GM; 5th March 2014 at 07:55 AM.

  10. #10

    EduTech's Avatar
    They will need to be separate instances (as in separate servers) as you can't have two relying parties with the same identifier on the same instance.

  11. #11
    jamesbmarshall's Avatar
    Join Date
    Feb 2010
    Location
    Reading, UK
    Posts
    538
    Thank Post
    27
    Thanked 233 Times in 163 Posts
    Rep Power
    87
    Quote Originally Posted by EduTech View Post
    They will need to be separate instances
    Are you sure?

    I don't have the time to test, but I'm pretty sure that you can have a single AD FS farm serving multiple TLDs and I can't find any documentation that differentiates between multiple TLDs in a single tenant, or across many.

    My brain might be forgetting stuff though, it's been a while now since I last looked at this and as much as I'd love to dive into my test rig I am focused on Windows now!

  12. #12

    EduTech's Avatar
    Quote Originally Posted by jamesbmarshall View Post
    Are you sure?

    I don't have the time to test, but I'm pretty sure that you can have a single AD FS farm serving multiple TLDs and I can't find any documentation that differentiates between multiple TLDs in a single tenant, or across many.

    My brain might be forgetting stuff though, it's been a while now since I last looked at this and as much as I'd love to dive into my test rig I am focused on Windows now!
    Yeah, so basically if you do not federate the top-level domain, each sub-domain will be classed as a root domain in terms of Office 365. If you federated sub-domain A to 1 AD FS server, then when you attempt to add sub-domain B to the same server it will error...

    This is if I am understanding what the question is here correctly. My brain is also fried at the moment #BUSY!

    James :-)
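
The multiple-domain discussion in this thread comes down to each federated domain needing its own issuer URI in Office 365; `-SupportMultipleDomain` sets it to the per-domain form `http://<domain>/adfs/services/trust/`. The following is an added example, not code from any poster in the thread, that flags domains sharing an issuer URI. The helper name `Test-FederatedIssuerUri`, the `Tenant` field and the sample records are constructed for illustration.

```powershell
# Added example. On a live tenant, build the same record shape with the MSOnline
# module after Connect-MsolService (repeat per tenant and tag the Tenant field):
#   Get-MsolDomain | Where-Object Authentication -eq 'Federated' | ForEach-Object {
#       $s = Get-MsolDomainFederationSettings -DomainName $_.Name
#       [pscustomobject]@{ Tenant = 'A'; Domain = $_.Name; IssuerUri = $s.IssuerUri }
#   }

function Test-FederatedIssuerUri {
    # Hypothetical helper: reports, per domain, whether its issuer URI is shared
    # with another domain and whether it follows the per-domain form.
    param([Parameter(Mandatory)][object[]]$Settings)

    # Compare issuer URIs case-insensitively and ignore a trailing slash.
    $groups = $Settings | Group-Object { $_.IssuerUri.TrimEnd('/').ToLowerInvariant() }
    foreach ($group in $groups) {
        foreach ($s in $group.Group) {
            $perDomain = "http://$($s.Domain)/adfs/services/trust".ToLowerInvariant()
            [pscustomobject]@{
                Tenant          = $s.Tenant
                Domain          = $s.Domain
                IssuerUri       = $s.IssuerUri
                PerDomainIssuer = ($group.Name -eq $perDomain)
                SharedIssuer    = ($group.Count -gt 1)
            }
        }
    }
}

# Constructed sample: one domain converted with -SupportMultipleDomain, and two
# domains (in different tenants) left on the farm-wide federation service identifier.
$sample = @(
    [pscustomobject]@{ Tenant = 'A'; Domain = 'school-a.example'
                       IssuerUri = 'http://school-a.example/adfs/services/trust/' }
    [pscustomobject]@{ Tenant = 'A'; Domain = 'school-b.example'
                       IssuerUri = 'http://sts.example.org/adfs/services/trust' }
    [pscustomobject]@{ Tenant = 'B'; Domain = 'school-c.example'
                       IssuerUri = 'http://sts.example.org/adfs/services/trust' }
)

Test-FederatedIssuerUri -Settings $sample |
    Sort-Object Domain |
    Format-Table Tenant, Domain, PerDomainIssuer, SharedIssuer -AutoSize
```

Running the same check before and after `Convert-MsolDomainToFederated` also gives a baseline of the expected issuer URIs, which is useful later when reviewing changes to the tenant's federation settings.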
