Office 365 with SSO on subdomain

We are about to move to Office 365 and we want to sync our AD.
I have installed ADFS 2.0, DirSync etc. and everything is working fine in our test environment.
BUT, with the real case I can't use our email domain because there is already an A record pointing to our homepage.
(And there must be an A record pointing to our local network?)
So I created a subdomain instead, but when I try to federate that subdomain it only says that it isn't supported.
Do I have to create a new domain that is unused?
Or how do I solve this?

/Peter
FutureITPartnerAsked:
Vasil Michev (MVP)Commented:
We seem to be talking about different things. The DNS record/certificate is tied up with the AD FS farm FQDN, which can be sts.domain.com or whatever. When configuring the O365 RPT however, you federate the top-level domain, and all subdomains are included automatically. You don't need to have any additional records or anything; simply run the cmdlet against the primary domain.
0
 
FlorinCommented:
When you say "I cant use our email domain because there is already an A record pointing to our homepage.
(And there must be an A record pointing to our local network?)" which A record are you referring to specifically?
0
 
FutureITPartnerAuthor Commented:
Lets say that our email domain is: maindomain.com
And our website is: www.maindomain.com
When we configure O365 and SSO I have to make maindomain.com point to our WAN IP so that we can forward port 443 to our ADFS server. That is, create a public A record to our WAN IP.
But we already have an A record for maindomain.com, pointing to our ISP.
Hope you understand what I mean :-)
0
 
Vasil Michev (MVP)Commented:
The usual setup is to use something like sts.domain.com or adfs.domain.com, pointing to the AD FS farm. No need to change anything on the top level domain. But of course make sure that the certificate you will use includes the FQDN of the AD FS farm, whatever it will be :)
0
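The procedure Vasil describes, as an added example that is not part of the original thread: check how each domain in the tenant authenticates, federate only the root domain, and then verify that the resulting trust and the certificate point at the AD FS farm FQDN rather than at the apex record that serves the website. It assumes the MSOnline module, that it is run on the AD FS server (or after Set-MsolADFSContext), and the hypothetical names maindomain.com and sts.maindomain.com from the discussion.

```powershell
# Added example, not from the thread. Assumes the MSOnline module is installed and that
# this runs on the AD FS server (Convert-MsolDomainToFederated needs the AD FS context;
# otherwise run Set-MsolADFSContext -Computer <farm-server> first).
# maindomain.com and sts.maindomain.com are hypothetical names from the discussion.
Import-Module MSOnline
Connect-MsolService   # prompts for Office 365 global admin credentials

# 1. Record the authentication type of every verified domain before changing anything.
#    Subdomains inherit the authentication type of their root domain, so they are
#    expected to show the same value as the parent.
Get-MsolDomain | Select-Object Name, Status, Authentication, RootDomain

# 2. Federate the ROOT domain only. Because subdomains inherit from the parent,
#    o365.maindomain.com never needs its own conversion (which is why converting
#    the subdomain directly was rejected as unsupported).
Convert-MsolDomainToFederated -DomainName 'maindomain.com'

# 3. Confirm the trust endpoints point at the AD FS farm FQDN (sts.maindomain.com),
#    not at the apex A record that still serves the website.
Get-MsolDomainFederationSettings -DomainName 'maindomain.com' |
    Select-Object IssuerUri, ActiveLogOnUri, PassiveLogOnUri

# 4. Check the public DNS name of the farm and that the service-communications
#    certificate actually covers that FQDN. (On AD FS 2.0 load the snap-in first:
#    Add-PSSnapin Microsoft.Adfs.PowerShell.)
Resolve-DnsName -Name 'sts.maindomain.com' -Type A
Get-AdfsCertificate -CertificateType Service-Communications |
    Select-Object -ExpandProperty Certificate |
    Select-Object Subject, DnsNameList, NotAfter
```

Only the farm FQDN needs a public A record and port 443 forwarded; the apex record for www/maindomain.com is left exactly as it is.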
 
FutureITPartnerAuthor Commented:
I tried using o365.maindomain.com, but when I tried to convert it to federated, PowerShell gave an error that it wasn't supported.
0
 
FlorinCommented:
I agree with Vasil and this is where I wanted to get as well, hence the question about the specific A record you were unable to create? You should be fine with using your domain.com if you configure it properly.
0
 
FutureITPartnerAuthor Commented:
OK. I tried it again and now it's working like you said.
I have done that before and it didn't work.
I think it was because I first added maindomain.com to Office 365 and converted it to Federated. Then I added o365.maindomain.com a couple of days later, and changed the IIS etc.

This time I converted maindomain.com to standard then I converted it to Federated when o365.maindomain.com was present in the O365.

Could this be the case?
0
Question has a verified solution.