Office 365 – Set multiple Federated Domains

You currently have an AD FS 2.0 server that is configured to support a single federated domain.

You need to use SSO to log in to Office 365 with more than one domain.

There is now a rollup 2 for AD FS 2.0 (http://support.microsoft.com/kb/2681584) that works in conjunction with the “SupportMultipleDomain” switch to enable the AD FS server to support this scenario without requiring additional AD FS 2.0 servers.

Steps to add more federated domains:

  1. Open the Microsoft Online Services Module.
  2. Run $cred=Get-Credential. When the cmdlet prompts you for credentials, type your Office 365 administration account credentials.
  3. Run Connect-MsolService -Credential $cred. This cmdlet connects you to Office 365. Creating a context that connects you to Office 365 is required before running any of the additional cmdlets installed by the tool.
  4. Run Set-MsolAdfscontext -Computer <AD FS 2.0 primary server>, where <AD FS 2.0 primary server> is the internal FQDN name of the primary AD FS 2.0 server. This cmdlet creates a context that connects you to AD FS 2.0.
  5. Ensure you are able to update the current trust (Office 365 – Set multiple Federated Domains
  6. After, and only after, ensuring you can update the trust, perform the following on the AD FS primary server. Once you complete this step, users won’t be able to log on (if you have multiple servers, this will only affect the users for this one server):
    • Open the “AD FS 2.0 Management Console”
    • Navigate to the Relying Parties node (Trust Relationships | Relying Party Trusts)
    • Delete the Relying party “Microsoft Office 365 Identity Platform” or “Microsoft Online Trust”


7. Run Update-MsolFederatedDomain -DomainName <domain> -SupportMultipleDomain where <domain> is your current federated domain.

8. Run Convert-MsolDomainToFederated -DomainName <NewDomain> -SupportMultipleDomain where <NewDomain> is the domain to be converted. This cmdlet changes the domain from standard authentication to single sign-on.
For example: Convert-MsolDomainToFederated -DomainName cloud.co.il -SupportMultipleDomain

9. Run Update-MsolFederatedDomain -DomainName <NewDomain> -SupportMultipleDomain where <NewDomain> is the domain you just converted.
For example: Update-MsolFederatedDomain -DomainName cloud.co.il -SupportMultipleDomain
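
Steps 2 to 4 and 7 to 9 as one script, followed by a check that both domains ended up federated with distinct issuer URIs. This is an added example, not part of the original post; it assumes step 6 has already been done in the AD FS console, and the server name and existing domain below are hypothetical placeholders.

```powershell
# Added example (not from the original post). Run in the Microsoft Online Services Module.
# Assumes step 6 (deleting the relying party trust) has already been done by hand.
$ErrorActionPreference = 'Stop'            # stop at the first failed cmdlet

$AdfsServer     = 'adfs01.corp.example'    # hypothetical internal FQDN of the primary AD FS server
$ExistingDomain = 'contoso.example'        # hypothetical: the domain that is already federated
$NewDomain      = 'cloud.co.il'            # the new domain from the post's example

# Steps 2-4: connect to Office 365 and to the primary AD FS server
$cred = Get-Credential                     # Office 365 administration account
Connect-MsolService -Credential $cred
Set-MsolADFSContext -Computer $AdfsServer

# Steps 7-9: recreate the trust for the existing domain, then convert and update the new one
Update-MsolFederatedDomain    -DomainName $ExistingDomain -SupportMultipleDomain
Convert-MsolDomainToFederated -DomainName $NewDomain      -SupportMultipleDomain
Update-MsolFederatedDomain    -DomainName $NewDomain      -SupportMultipleDomain

# Verification: read back what Office 365 now holds for each domain
$report = foreach ($d in $ExistingDomain, $NewDomain) {
    $dom = Get-MsolDomain -DomainName $d
    $fed = Get-MsolDomainFederationSettings -DomainName $d
    [pscustomobject]@{
        Domain          = $d
        Authentication  = $dom.Authentication
        IssuerUri       = $fed.IssuerUri
        PassiveLogOnUri = $fed.PassiveLogOnUri
    }
}
$report | Format-Table -AutoSize

# Every domain should be Federated, and each should carry its own issuer URI;
# a shared issuer URI means the multiple-domain switch did not take effect.
$notFederated = @($report | Where-Object { $_.Authentication -ne 'Federated' })
$sharedIssuer = @($report | Group-Object IssuerUri | Where-Object { $_.Count -gt 1 })

if ($notFederated.Count -gt 0) {
    Write-Warning ("Not federated: " + ($notFederated.Domain -join ', '))
}
if ($sharedIssuer.Count -gt 0) {
    Write-Warning ("Domains sharing an issuer URI: " + ($sharedIssuer.Group.Domain -join ', '))
}
if ($notFederated.Count -eq 0 -and $sharedIssuer.Count -eq 0) {
    Write-Output 'Both domains are federated with distinct issuer URIs.'
}
```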


Good Luck!
