Solved

Office 365 Exchange 2013 Hybrid - Federating a second domain Azure AD

Posted on 2016-08-05
2
58 Views
Last Modified: 2016-08-08
Hello,

We have recently added/verified another domain to Office 365 and would like to Federate it. As of this moment Azure AD is reporting:

Domains Verified for Directory Sync: 2
Domains Configured For Single Sign-On: 1

The instructions for "Configuring An Existing Customer Domain For Single Sign-On" gives me the command:

Convert-MsolDomainToFederated –DomainName domainname.com

My concern is Microsoft's statement in their article which states: "It’s best to perform a conversion when there are the fewest users, such as on a weekend, to reduce the impact on your users."

They don't exactly say or describe what that "impact" will be!

My questions

1. Does anyone know what this "impact" will be?
2. Will this at all affect existing users that are currently logged in via the initial federated domain?
3. Does this change require any additional changes with Azure AD Sync or within On-Premise ADFS?

Any insight or help would be greatly appreciated!
0
Comment
Question by:danherbon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 41

Accepted Solution

by:
Vasil Michev (MVP) earned 500 total points
ID: 41744915
Just to clean things up a bit first - Hybrid has nothing to do with AD FS, don't mix them up.

As for federating additional domains, you basically need to recreate the trust with O365. Well, if it's a subdomain, you dont need to do anything. For example, if you have federated domain.com, then uk.domain.com will automatically be federated as well. If you are trying to federate anotherdomain.com however, you need to redo things with using the SupportMultipledomain switch. Details for example here: http://www.msexchange.org/blogs/walther/news/office-365-adfs-support-for-mutiple-upns-724.html

And you need to be careful if you have multiple subdomains: https://blogs.technet.microsoft.com/abizerh/2013/02/05/supportmultipledomain-switch-when-managing-sso-to-office-365/
0
 
LVL 1

Author Closing Comment

by:danherbon
ID: 41747539
Thanks!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question