
Can’t convert domain to federated


I ran into an interesting problem setting up ADFS 2.1 on Windows Server 2012 for Office 365 federation. It is now a supported server OS for ADFS and Office 365 as long as you run the Azure Active Directory PowerShell. 

ADFS setup worked flawlessly and I set up the web certificate, etc. You can follow the ADFS 2.1 on Windows Server 2012 for Office 365 steps here now.

I went to convert my domain to federated in Azure Active Directory PowerShell (steps here) to set up a trust with Office 365, and it failed when I used the Convert-MsolDomainToFederated cmdlet. I received this error:

Convert-MsolDomainToFederated : Microsoft.Online.Administration.Automation.Iden
  tityInternalServiceException
  At line:1 char:30
  + Convert-MsolDomainToFederated <<<<  -DomainName domain.edu
     + CategoryInfo          : NotSpecified: (:) [Convert-MsolDomainToFederated
    ], FederationException
     + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.Ident
    ityInternalServiceException,Microsoft.Online.Identity.Federation.Powershel
    l.ConvertDomainToFederated

I found a fix that resolved this. You must run this PowerShell cmdlet first:

Set-MsolPasswordPolicy -ValidityPeriod 90 -NotificationDays 10 -DomainName domain.edu

After I ran that, I waited about 20 minutes, then ran:

Convert-MsolDomainToFederated -DomainName domain.edu

It went through without issue.

It would appear that your password policy must be set to 270 days or less or you cannot convert your domain to a federated domain.

Finally, you should run Get-MsolDomain to check that you are indeed federated for that domain.
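The steps above can be combined into one script that checks the policy before converting and verifies the result afterwards. This is an added example, not code from the original post. The 270-day limit is the figure the post infers, and treating an empty ValidityPeriod as "needs setting" is an assumption.

```powershell
# Added example: pre-check, fix, convert and verify, using the post's values.
# Requires the MSOnline module and a working AD FS farm.
$DomainName  = 'domain.edu'   # placeholder domain from the post
$MaxValidity = 270            # limit inferred in the post, not a documented value
$NewValidity = 90             # values used in the post's fix
$NotifyDays  = 10

Import-Module MSOnline
Connect-MsolService           # prompts for tenant administrator credentials

# 1. Read the current password policy for the domain.
$policy = Get-MsolPasswordPolicy -DomainName $DomainName
Write-Host "Current ValidityPeriod: $($policy.ValidityPeriod) days"

# 2. If the policy is unset (assumption) or above the limit, apply the fix and stop.
if ($null -eq $policy.ValidityPeriod -or $policy.ValidityPeriod -gt $MaxValidity) {
    Set-MsolPasswordPolicy -DomainName $DomainName `
        -ValidityPeriod $NewValidity -NotificationDays $NotifyDays
    Write-Host 'Policy updated. The post waited about 20 minutes before converting; re-run this script after that.'
    return
}

# 3. Convert the domain; stop on any error so the verification below is meaningful.
Convert-MsolDomainToFederated -DomainName $DomainName -ErrorAction Stop

# 4. Verify that the domain now reports federated authentication.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -eq 'Federated') {
    Write-Host "$DomainName is federated."
} else {
    Write-Warning "$DomainName still reports '$($domain.Authentication)' authentication."
}
```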

