How to check if first domain was Federated using SupportMultipleDomain switch

  • Question

  • Hello,

    We have a requirement to verify if first domain was federated in ADFS 2.0 Server using -SupportMultipleDomain switch or not.

    How can we identify this in the ADFS Server (on-premises)?

    One of the domains is already federated using the command below and is working fine for SSO, but we have a requirement to federate one more domain with the ADFS Server for SSO.

    Convert-MsolDomainToFederated -DomainName domain.com

    Also, please help us in case the first domain is not federated with the -SupportMultipleDomain switch, i.e. how to unfederate and then federate both domains.

    Thanks.

    AS

    Wednesday, January 31, 2018 7:18 PM

Answers

  • Hi,

    According to this article, if the -SupportMultiDomain switch WASN'T used, then running Get-MsolFederationProperty -DomainName <domain> for the federated domain will show the same FederationServiceIdentifier for both ADFS Server and Microsoft Office 365 (http://STSname/adfs/Services/trust). If the switch WAS used, then those values would be different - it would be http://STSname/adfs/Services/trust for ADFS Server and http://<domainname>/adfs/services/trust/ for Microsoft Office 365.
    Follow this article for a solution.

    Regards


    Friday, January 4, 2019 10:44 AM
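
The comparison described in the answer above, as an added PowerShell example (not code from the thread or from Microsoft): it classifies the two FederationServiceIdentifier values that Get-MsolFederationProperty returns. The helper name Test-SupportMultipleDomain and the contoso.com names are assumptions, and the sample objects are constructed so the block runs offline.

```powershell
# Added example: classify the two entries returned by
#   Get-MsolFederationProperty -DomainName <domain>
# Test-SupportMultipleDomain is a hypothetical helper name, not an MSOnline cmdlet.
function Test-SupportMultipleDomain {
    param(
        [Parameter(Mandatory = $true)] [string]   $DomainName,
        [Parameter(Mandatory = $true)] [object[]] $FederationProperty
    )
    # Compare identifiers case-insensitively and ignore a trailing slash.
    $normalize = { param($id) ([string]$id).Trim().TrimEnd('/').ToLowerInvariant() }

    $adfs = $FederationProperty | Where-Object { $_.Source -eq 'ADFS Server' } | Select-Object -First 1
    $o365 = $FederationProperty | Where-Object { $_.Source -eq 'Microsoft Office 365' } | Select-Object -First 1
    if (-not $adfs -or -not $o365) {
        throw "Need both an 'ADFS Server' and a 'Microsoft Office 365' entry for $DomainName."
    }

    $adfsId    = & $normalize $adfs.FederationServiceIdentifier
    $o365Id    = & $normalize $o365.FederationServiceIdentifier
    $perDomain = & $normalize "http://$DomainName/adfs/services/trust/"

    if ($o365Id -eq $adfsId)        { $verdict = 'SwitchNotUsed' }   # identical on both sides
    elseif ($o365Id -eq $perDomain) { $verdict = 'SwitchUsed' }      # per-domain issuer URI
    else                            { $verdict = 'Unexpected' }      # neither pattern, review manually

    New-Object PSObject -Property @{
        DomainName = $DomainName; AdfsIdentifier = $adfsId
        Office365Identifier = $o365Id; Verdict = $verdict
    }
}

# Constructed sample objects shaped like the cmdlet's output (sts.contoso.com and
# contoso.com are placeholder names). With the MSOnline module and a connected
# session, pass (Get-MsolFederationProperty -DomainName contoso.com) instead.
$sample = @(
    (New-Object PSObject -Property @{ Source = 'ADFS Server'
        FederationServiceIdentifier = 'http://sts.contoso.com/adfs/Services/trust' }),
    (New-Object PSObject -Property @{ Source = 'Microsoft Office 365'
        FederationServiceIdentifier = 'http://contoso.com/adfs/services/trust/' })
)
Test-SupportMultipleDomain -DomainName 'contoso.com' -FederationProperty $sample |
    Format-List DomainName, Verdict, AdfsIdentifier, Office365Identifier
```

An 'Unexpected' verdict means the Office 365 identifier matches neither pattern from the answer, so the trust should be inspected by hand before any second domain is converted.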

All replies

  • Wait a minute,

    Convert-MsolDomainToFederated -DomainName domain.com

    Is not the same thing as:

    Update-MsolFederatedDomain -DomainName domain.com -SupportMultipleDomain

    The first one is converting a managed domain to a federated domain.

    The second is updating a current federated domain to support multi domain.

    Now, for this second, the flag is an Azure AD flag. There are no configuration settings per se in the ADFS server. However, since we are talking about IT archeology (ADFS 2.0), you might be able to see if the claim rule that sends the Issuer ID can handle multiple domains. Back in the day, when we created the rule, I think it was done for the mono-domain scenario (in that case you can copy the rules here, and we'll see).

    Anyhow, all is documented here: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-multiple-domains  



    Monday, February 5, 2018 1:46 PM
  • Thanks Pierre.

    Is there any command to check if the -SupportMultipleDomain switch was used while converting the first domain?

    If not, then do we have to break the federation and then convert the first domain to federated using the -SupportMultipleDomain switch

    or

    try converting the second domain to federated using the -support switch?

    If possible, could you help us out with the steps for converting the second domain to federated if the first domain was not federated using the -supportmultipledomain switch?

    Thanks.

    Monday, February 5, 2018 3:55 PM