Solved

ADFS setup with multiple domains. Certificate and A records requirements for multiple domains.

Posted on 2014-03-03
Last Modified: 2014-03-03
Hello,
I just wanted to verify: if you need to use several UPNs and federate several domains with one ADFS server for Office 365, do you need additional names for each on the cert, as well as an A record in external DNS to point to the ADFS proxy?

I am reading that you only need one A record to point to the FQDN of your ADFS farm and just one name on the cert? Correct?

Also, on the cert, does the FQDN of the server farm need to be the common name, or can it just be an alternative name? So, if this can be an alternative name, then can we use the UCC cert, for example, from the Hybrid server, and just add adfs.domain.com as an alternative name? What is the best practice? Is it best to buy a separate certificate for the ADFS server with the common name adfs.domain.com?

Please advise.
Thank you very much.
0
Question by:claudiamcse
3 Comments
 
LVL 43

Accepted Solution

by:
Vasil Michev (MVP) earned 2000 total points
ID: 39901590
The subject name should point to the FQDN; if you only have the FQDN added to the SAN, it might not work: http://technet.microsoft.com/en-us/library/hh341473.aspx

You do not need certificates for other domains, only for the AD FS endpoint. The recommended setup is to create the DNS record sts.domain.com, select the endpoint sts.domain.com during AD FS setup, and select the corresponding SSL certificate with the sts.domain.com subject name. The names of course can be different, just make sure all these three pieces match.

You do not need separate certificates for subdomains either.

Here is also another thread on the community forums that discusses this, and it might help with the other issue you are facing:

http://community.office365.com/en-us/forums/613/p/43477/149671.aspx
0
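The three-way match described in the accepted answer (DNS record, federation service name, certificate subject) can be checked before deployment. The script below is an added example, not part of the original thread; it reads a certificate in the form returned by Python's `ssl.SSLSocket.getpeercert()` and flags the SAN-only case the answer warns about. The sample certificates and the name `mail.domain.com` are constructed, and matching is exact (wildcard names are not handled).

```python
import socket
import ssl

# Constructed sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
DEDICATED = {"subject": ((("commonName", "sts.domain.com"),),),
             "subjectAltName": (("DNS", "sts.domain.com"),)}
UCC = {"subject": ((("commonName", "mail.domain.com"),),),  # hypothetical hybrid server name
       "subjectAltName": (("DNS", "mail.domain.com"), ("DNS", "adfs.domain.com"))}

def fetch_cert(host, port=443):
    """Fetch the certificate a live endpoint presents (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def norm(name):
    """Compare DNS names case-insensitively and ignore a trailing root dot."""
    return name.rstrip(".").lower()

def cert_names(cert):
    """Return (common name or None, list of DNS SAN entries)."""
    cn = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return cn, sans

def check_adfs_names(service_name, dns_record, cert):
    """Return a list of findings; an empty list means all three names match."""
    svc, findings = norm(service_name), []
    if norm(dns_record) != svc:
        findings.append(f"DNS: record {dns_record} != federation service name {service_name}")
    cn, sans = cert_names(cert)
    in_subject = cn is not None and norm(cn) == svc
    in_san = svc in {norm(s) for s in sans}
    if not in_subject and in_san:
        findings.append(f"SAN-only: {service_name} is in the SAN list but the subject is {cn}")
    elif not in_subject:
        findings.append(f"MISSING: {service_name} is not on the certificate at all")
    return findings

if __name__ == "__main__":
    print(check_adfs_names("sts.domain.com", "sts.domain.com", DEDICATED))
    print(check_adfs_names("adfs.domain.com", "adfs.domain.com", UCC))
```

To check a deployed endpoint, pass the result of `fetch_cert("sts.domain.com")` as the `cert` argument.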
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39901595
You'll find all of your answers here:
http://community.office365.com/en-us/forums/613/t/195339.aspx

(and perhaps answers to a few things you haven't asked yet)  :-)
0
 

Author Closing Comment

by:claudiamcse
ID: 39901708
Thank you very much! Excellent.
0
