Converting a domain from identity federation to standard authentication
The first step you need to take to break federation is to convert the domain from federated
to standard using Windows PowerShell. The second step, which is optional, is to uninstall
AD FS 2.0 from the server.
The following scenarios show how to convert a domain from federated to standard. Choose
the scenario that is right for you and follow the steps.
AD FS server that has the Windows Azure Active Directory Module installed
1. From the AD FS Server, start the Windows Azure Active Directory Module.
2. Enter the following Windows PowerShell command to initiate a logon prompt, which
you will use to supply your Office 365 credentials, and store the credentials in a
variable named $cred:
$cred=Get-Credential
3. Enter the following command, which will attempt to connect and authenticate to an
Office 365 tenant using the logon credentials you stored in $cred:
Connect-MsolService -Credential $cred
4. Enter the following command to remove the Relying Party Trust information from the
Office 365 authentication system federation service and the on-premises AD FS 2.0
server:
Convert-MsolDomainToStandard -DomainName <domain name> -SkipUserConversion [$true|$false] -PasswordFile:<path and filename>
5. If the -SkipUserConversion parameter is set to $true, a password file will not be
generated and the user accounts that are associated with the domain will become
unusable until either the domain is converted back to identity federation or each
account is converted using the Convert-MsolFederatedUser cmdlet, which we will
discuss shortly. An actual command might look something like this:
Convert-MsolDomainToStandard -DomainName adatum.com -SkipUserConversion $false -PasswordFile c:\TempPwd.txt
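Steps 2 through 5 as a single script, added here as an example and not taken from the original text. Because the password file records the temporary passwords issued to the converted users, the script first creates an access-restricted folder for it; the folder name C:\FedBreak and the before/after check with Get-MsolDomain are assumptions of this example.

```powershell
# Added example. Assumes the Windows Azure Active Directory Module (MSOnline) is
# installed and the script is run on the AD FS server, as in step 1.
$domain  = 'adatum.com'       # domain from the sample command above
$workDir = 'C:\FedBreak'      # hypothetical folder chosen for this example
$pwdFile = Join-Path $workDir 'TempPwd.txt'

# Create the folder and lock it down BEFORE any temporary password is written:
# disable inheritance, then allow only the current user, Administrators and SYSTEM.
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl = Get-Acl -Path $workDir
$acl.SetAccessRuleProtection($true, $false)
foreach ($id in $me, 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $workDir -AclObject $acl

# Steps 2 and 3: prompt for Office 365 credentials and connect to the tenant.
$cred = Get-Credential
Connect-MsolService -Credential $cred

# Confirm the domain is still federated, so the conversion is not run twice.
$before = Get-MsolDomain -DomainName $domain
if ($before.Authentication -ne 'Federated') {
    Write-Warning "$domain reports '$($before.Authentication)'; nothing to convert."
    return
}

# Step 4: convert the domain and its users; temporary passwords go to $pwdFile.
Convert-MsolDomainToStandard -DomainName $domain -SkipUserConversion $false -PasswordFile $pwdFile

# Verify the result and show who can read the password file.
$after = Get-MsolDomain -DomainName $domain
'{0}: {1} -> {2}' -f $domain, $before.Authentication, $after.Authentication
if (Test-Path -Path $pwdFile) {
    (Get-Acl -Path $pwdFile).Access |
        Select-Object IdentityReference, FileSystemRights, IsInherited
} else {
    Write-Warning "No password file at $pwdFile; check the cmdlet output above."
}
```

Delete the password file once the temporary passwords have been handed to their users.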