Microsoft Office Tutorials and References
In Depth Information
Converting a domain from identity federation to standard authentication
Note: Why not convert users?
Why would you use Convert-MsolDomainToStandard with the -SkipUserConversion $true
parameter so as not to convert users? One such scenario might be when
you need to re-establish the Relying Party Trust. There have been a few occasions
where we had to remove the Relying Party Trust because of an AD FS issue, and
then turn around and use Convert-MsolDomainToFederated to re-establish the
Relying Party Trust. In such a scenario, we really do not want to convert the users.
6. Now that we have removed the Relying Party Trust, we need to reset the
authentication setting for the domain. Enter the following command to accomplish
Set-MsolDomainAuthentication -Authentication Managed -DomainName <domain name>
7. If you need to manually convert user accounts to standard authentication because
you used the -SkipUserConversion $true parameter, then enter this command:
Convert-MsolFederatedUser -UserPrincipalName <user@domain-name> -NewPassword
An actual command will look something like this:
Convert-MsolFederatedUser -UserPrincipalName -NewPassword
Bulk conversion of user accounts
It might not be feasible for you to manually convert each user by repeatedly issuing the
Windows PowerShell command, as shown in Step 6. To bulk convert users, you will have
to write a script to iterate through a list of users and manually convert them. We use the
following example script:
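#Script to bulk convert users
#after Domain has been converted from
#Identity Federated to Standard Authentication
#Prompt for the administrator credentials used to connect
$Cred = Get-Credential
Connect-MsolService -Credential $Cred
#Convert every user, assigning the same temporary password to each
Get-MsolUser -All | ForEach-Object {
    Convert-MsolFederatedUser -UserPrincipalName $_.UserPrincipalName -NewPassword "Temp-pwd"
}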
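A variant of the bulk script above that limits the conversion to one domain and gives each user a unique random temporary password instead of a shared one. This is an added example, not code from the original text; `$Domain`, the CSV path and the `New-TempPassword` helper are assumptions made for illustration.

```powershell
# Added example: per-user random temporary passwords, scoped to one domain.
# $Domain, the CSV path and New-TempPassword are assumptions for illustration.
$Domain = 'contoso.example'   # placeholder for the domain just converted

function New-TempPassword {
    param([int]$Length = 16)
    # Ambiguous characters (0/O, 1/l/I) are left out to ease manual entry
    $classes  = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%+=?@'
    $alphabet = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    do {
        $chars = for ($i = 0; $i -lt $Length; $i++) {
            $rng.GetBytes($buf)
            $alphabet[[int]([BitConverter]::ToUInt32($buf, 0) % $alphabet.Length)]
        }
        $pw = -join $chars
        # Regenerate until upper, lower, digit and symbol are all present
        $missing = $classes | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -lt 0 }
    } while ($missing)
    $pw
}

$Cred = Get-Credential
Connect-MsolService -Credential $Cred

# Only users with an address in the converted domain are touched
$results = Get-MsolUser -All -DomainName $Domain | ForEach-Object {
    $upn = $_.UserPrincipalName
    $pw  = New-TempPassword
    try {
        Convert-MsolFederatedUser -UserPrincipalName $upn -NewPassword $pw -ErrorAction Stop | Out-Null
        [pscustomobject]@{ UserPrincipalName = $upn; TempPassword = $pw; Status = 'Converted' }
    } catch {
        # Record the failure without keeping a password that was never set
        [pscustomobject]@{ UserPrincipalName = $upn; TempPassword = ''; Status = "Failed: $($_.Exception.Message)" }
    }
}

# The CSV holds plaintext temporary passwords: restrict access to it and
# delete it once the passwords have been handed out.
$results | Export-Csv -Path .\converted-users.csv -NoTypeInformation
```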