Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Problem converting Office 365 domain to federated for ADFS 2.0

Posted on 2013-02-01
5
Medium Priority
?
3,559 Views
Last Modified: 2013-05-17
Hello all,

I've been trying to get my organization switched over to Office 365.  We currently host our own Active Directory and Exchange 2010 servers on premise.  My plan is to fully setup ADFS 2.0 and a proxy to provide the authentication for our AD (we are going to disable the extended protection).

I've provisioned three servers thus far: two ADFS and one ADFS proxy.  I've already installed ADFS, a SQL Server instance, setup NLB, and connected the servers to SQL as a farm.  I've been trying to convert our (already verified) domain on Office 365 to be federated via PowerShell with the following command:

PS C:\Windows\system32> Convert-MsolDomainToFederated -DomainName example.com

Open in new window


The problem is that I'm getting a Microsoft.Online.Administration.Automation.IdentityInternalServiceException  The specifics are:

CategoryInfo : NotSpecified: (:) [Convert-MsolToFederated], FederationException
FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.IdentityInternalServiceException,MicrosoftOnline.Identity.Federation.Powershell.ConvertDomainToFederated

Open in new window


Any help regarding this would be super helpful.  I'm really have a hard time getting this hybrid forest setup because of the ADFS and all that is involved.
0
Comment
Question by:jbcsystech
  • 2
  • 2
5 Comments
 
LVL 10

Expert Comment

by:justinoleary911
ID: 38844419
Where did you run the command Convert-MsolDomainToFederated?

If you are not running the command Convert-MsolDomainToFederated on your Active Directory Federation Services (ADFS) server , it is required to connect to the ADFS server first by running the following command:

Set-MsolADFSContext –Computer <AD FS 2.0 server name>

I suggest running the command Convert-MsolDomainToFederated on your ADFS server directly. For your reference, I provide the information about how to deploy Active Directory Federation Services 2.0 and configure Microsoft Online Services Module for Windows PowerShell as below:

Plan for and deploy Active Directory Federation Services 2.0 for use with single sign-on
http://onlinehelp.microsoft.com/en-us/Office365-enterprises/ff652539.aspx

Install and configure the Microsoft Online Services Module for Windows PowerShell for single sign-on
http://onlinehelp.microsoft.com/en-us/Office365-enterprises/ff652560.aspx
0
 

Author Comment

by:jbcsystech
ID: 38844671
Hello Justin,

Thanks for your quick response.  I've actually been following those guides you posted along with some others.  I ran the command from one of my ADFS servers, actually.  Now I have them setup as ADFS1 and ADFS2 with NLB.  I have SQL Server running on ADFS1.

Some of a guides I've been following for your reference:
http://www.stevieg.org/2012/05/configuring-ad-fs-2-with-tmg-based-sso-to-office-365/
http://jorgerdiaz.wordpress.com/2011/04/20/office-365-configuring-ad-fs/
http://blog.msresource.net/2011/05/23/deploying-a-federation-server-with-a-sql-database/
0
 
LVL 10

Accepted Solution

by:
justinoleary911 earned 2000 total points
ID: 38844772
We actually had a customer with this issue and it was solved by changing the domain password policy to the default one:

Set-MsolPasswordPolicy -ValidityPeriod 90 -NotificationDays 14 -DomainName domain.com

let me know if this helps
0
 

Author Closing Comment

by:jbcsystech
ID: 38845027
That was it!  Thanks so much.
0
 

Expert Comment

by:Joel Parmer
ID: 39176134
Holy!  That would NEVER have crossed my mind but that did the trick.  Thanks!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
With its various features, Office 365 can not only help you with your day-to-day business tasks, it can also do wonders for your marketing campaign.
A company’s greatest vulnerability is their email. CEO fraud, ransomware and spear phishing attacks are the no1 threat to a company’s security. Cybercrime is responsible for the largest loss of money to companies today with losses projected to r…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question