Scott Townsend asked:

Federation Trust Account Name Space/ApplicationUri Name - Change? Where is it visible? Still there if Move all to O365?

When I set up our Office 365 Tenant I didn't want to use our Primary Domain right off the bat, as I wanted to get things up and running and tested before I switched the Production Domain DNS over to O365. When doing this, the ApplicationUri and the AccountNamespace both reflect the Domain Name I chose when I created the Federation, <ID>.<Domain.Name>.

Microsoft said the only way to change the <ID>.<Domain.Name> is to destroy the Federation Trust and the Hybrid configuration and re-create everything! Not something I want to do.

My Questions:
  1. Besides the Internal Communications between the On-Premise and O365 servers, is this <ID>.<Domain.Name> visible to anyone?
  2. If we eventually have everything in the Cloud and do not have an On-Premise Exchange Server, will this name go away at that point?


Get the Federation Trust ApplicationUri from On-Premise
[PS] C:\Windows\system32>Get-FederationTrust

Name                 ApplicationIdentifier     ApplicationUri
----                 ---------------------     --------------
Microsoft Federat... 000000004005162E          <ID>.<Domain.Name>


Get the Federated Organization Identifier AccountNamespace from On-Premise

[PS] C:\Windows\system32>Get-FederatedOrganizationIdentifier | fl AccountNamespace
AccountNamespace    :   <ID>.<Domain.Name>

Mahesh

First of all, there is no internal communication between O365 and ADFS unless you have ExpressRoute directly connecting to O365 internal networks.

I am not sure what domain you are talking about.
Are you talking about the federation service name, like ata.domain.com, or are you talking about something else?
If you are talking about the ADFS service name, you cannot change it once created; however, you don't need to change it either.
Even if you have multiple domains, ADFS can still work happily with a single namespace.
Maybe I am not clear on what you are asking.

Sorry, it's a typo; the federation name could be like sts.domain.com

Scott Townsend (ASKER)

I'm talking about the ApplicationUri returned from Get-FederationTrust

It looks like: FYGHAOHGH7SGDLT.costono.com

It's the same as the TargetApplicationUri from this command:
Get-OrganizationRelationship "O365 to On-premises - 722b8d45-5f4a-4f48-a049-55437fe57d8d" | fl TargetApplicationUri
TargetApplicationUri : FYGHAOHGH7SGDLT.costono.com

In my case, costono.com in the TargetApplicationUri is a domain name that I got for my son and used because it was new and there was no existing mail going to it that I would mess up when I started the process of creating our tenant. If things went wrong and mail flow got messed up, there would be no harm done, as it was a test domain to use.

Now that we are working well and mail is flowing to all of the Accepted domains, I wanted to know:
  1. Is FYGHAOHGH7SGDLT.costono.com visible to the users at all when using Office 365 (Outlook, SharePoint, Teams, etc.)?
  2. If we go Full Office 365 and do not have a Hybrid setup, will that trust even exist anymore?

Since that is the MS federation gateway identifier, it will not come into the picture anywhere.
If you break hybrid, no trust is required between on-premises ADFS and the Microsoft federation gateway.