Microsoft Office Tutorials and References
In Depth Information
Removing Active Directory Federation Services
Removing Active Directory Federation Services
In the event you need to remove AD FS and disable SSO for a domain in your tenant, there
are a few important things you need to know:
As with most actions, you will use the Windows Azure Active Directory Module and
Windows PowerShell to convert the federated domain in Office 365 back to a
standard domain.
Previously federated user accounts, if they existed prior to federation, will not revert
to using the original Office 365 passwords they had prior to federation.
Temporary passwords will be generated for all federated users.
The temporary passwords are stored in a file. You will specify the path and the name
of the file as one of the parameters.
Users will have to log on with their new temporary password and will be prompted to
provide a new permanent password.
If you choose to uninstall the AD FS role from your server, the virtual directories in
the default website will not be removed. This must be done manually.
If you choose to uninstall the AD FS role from your server, the AD FS database will
not be removed. This can be done manually.
Disabling SSO is also known as converting a domain from identity federation to
standard authentication.
TROUBLESHOOTING
Accounts affected by reverting from identity federation to standard
authentication
After you convert a domain in Office 365 from identity federation to standard
authentication, all the user accounts associated with that domain will become unusable until
you either convert the domain back to identity federation or until the users are also
converted. Another word of caution is that the users will need to be assigned new
passwords.
Search JabSto ::




Custom Search