Preparing Active Directory Federation Services for Office 365

Posted on February 23, 2021 by rich

Prerequisites


  • Ensure that the deployment is planned for the correct capacity using the ADFS capacity and planning sizing spreadsheet.
  • Every user in Active Directory must have a UPN set.
  • For Single Sign On (SSO) to work, usernames can only contain letters, numbers, periods, dashes and underscores.
  • A service account for ADFS with "log on as a service" and "log on as a batch job" rights.
  • An A record in DNS (adfs.domain.com) and a service principal name (SPN) for the service account.
  • SSL certificate (must use the RC4 cipher to support XP machines).
  • Port 443 open.
  • SQL Server 2005 or later, or WID.
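
One way to check the UPN and username prerequisites before converting a domain, as an added example that is not part of the original post. It assumes the ActiveDirectory (RSAT) module is installed and reads "letters" as ASCII letters; Test-UpnPrerequisite is a hypothetical helper name.

```powershell
# Added example: read-only audit of AD users against the UPN prerequisites above.
Import-Module ActiveDirectory

# Assumption: "letters" means ASCII letters. Allowed set per the list above:
# letters, numbers, periods, dashes and underscores.
$allowed = '^[A-Za-z0-9._-]+$'

function Test-UpnPrerequisite {
    param([string]$UserPrincipalName)

    if ([string]::IsNullOrWhiteSpace($UserPrincipalName)) {
        return 'No UPN set'
    }
    $parts = $UserPrincipalName -split '@'
    if ($parts.Count -ne 2 -or -not $parts[1]) {
        return 'UPN is not in user@suffix form'
    }
    if ($parts[0] -notmatch $allowed) {
        return 'Username has characters outside letters, numbers, . - _'
    }
    return $null   # passes both checks
}

# Collect every account that fails a check; @() keeps the result an array
# even when nothing (or only one account) is returned.
$report = @(
    Get-ADUser -Filter * -Properties UserPrincipalName | ForEach-Object {
        $problem = Test-UpnPrerequisite -UserPrincipalName $_.UserPrincipalName
        if ($problem) {
            [pscustomobject]@{
                SamAccountName    = $_.SamAccountName
                UserPrincipalName = $_.UserPrincipalName
                Problem           = $problem
            }
        }
    }
)

$report | Sort-Object Problem, SamAccountName | Format-Table -AutoSize
'{0} account(s) need fixing before federation' -f $report.Count
```
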
Installing

If you're installing ADFS on an OS older than 2012 R2, then you need to install ADFS with ADFSSetup.exe, which can be downloaded from here.
If your ADFS server is on 2012 R2, then install ADFS from Server Manager.
Once ADFS is installed, we need to run FSConfigWizard.exe from C:\Program Files\Active Directory Federation Services 2.0.
Converting Domains for use with Federated Services

$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred
Convert-MsolDomainToFederated -DomainName "Techshizz"

(If there are multiple domains, add "-SupportMultipleDomain".)

How do we know this worked?

Get-MsolDomain
or
Get-MsolFederationProperty -DomainName "Techshizz"

Converting back to Standard Domain

When converting back, all users will have to have their passwords changed.

$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred
Convert-MsolDomainToStandard -DomainName "Techshizz" -SkipUserConversion $false -PasswordFile "C:\passwords"

This command sets the user attribute "Force change password on logon" to on!
Finally, you must run this command for every user:
Convert-MsolFederatedUser -UserPrincipalName <user's UPN>
