Office 365 Federated domains - change ADFS server

  • Question

  • Hello,

    We have a number of federated domains in Azure AD/O365 with our ADFS farm, for SSO.

    All is working fine, however we need to decommission this farm, so I have built a new one. We have migrated the third party trusts we have, however I need to set up the new farm as the federated server for Office 365.

    What is the best way to move the federated domains to the new ADFS farm?

    Thanks in advance.

    Andrew


    Wednesday, March 28, 2018 2:32 PM

All replies

  • I guess the easiest way is to use AAD Connect and reset the trust:



    Wednesday, March 28, 2018 5:38 PM
  • Thanks for the reply, I hadn't considered that. I was thinking of using the info on here, to update the info?

    https://support.microsoft.com/en-gb/help/2647048/how-to-update-or-repair-the-settings-of-a-federated-domain-in-office-3

    I need to create the Office 365 relying party trust and I understood it was created by running the command Set-MsolADFSContext -Computer <AD FS 2.0 ServerName> on one of the new ADFS servers.

    Then run the following to update all the federated domains to point to the new farm: Update-MsolFederatedDomain -DomainName <Federated Domain Name> -SupportMultipleDomain

    Would that do it?

    • Marked as answer by voyco Friday, April 13, 2018 2:56 PM
    Thursday, March 29, 2018 7:26 AM
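    The two-cmdlet procedure above, written out as a complete script with a snapshot before and a consistency check after. This is an added example, not code from the thread or from the Microsoft KB article linked above. It assumes it is run in an elevated PowerShell session on one server of the new farm, with the MSOnline module installed and a Global Admin account; the server name is a placeholder.

```powershell
# Added example (not from the original thread): move the Office 365 federation
# from the old AD FS farm to the new one, with a snapshot before and a check after.
# Assumes: elevated PowerShell on a node of the NEW farm, MSOnline module present,
# Global Admin credentials. The server name below is a hypothetical placeholder.

Import-Module MSOnline
Connect-MsolService                         # prompts for Global Admin credentials

$NewAdfsServer = 'adfs01.corp.example.com'  # hypothetical node of the new farm
$Backup = Join-Path $env:TEMP 'federation-before.xml'

# 1. Snapshot every federated domain's current settings (issuer URI, endpoints,
#    token-signing certificate) so the change can be compared or reverted.
$federated = Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' }
$federated | ForEach-Object {
    Get-MsolDomainFederationSettings -DomainName $_.Name
} | Export-Clixml -Path $Backup
Write-Host "Saved pre-change federation settings for $($federated.Count) domain(s) to $Backup"

# 2. Point the MSOnline cmdlets at the new farm. This is the AD FS server on which
#    Update-MsolFederatedDomain creates or updates the
#    "Microsoft Office 365 Identity Platform" relying party trust.
Set-MsolADFSContext -Computer $NewAdfsServer

# 3. Re-federate each domain against the new farm. -SupportMultipleDomain has to be
#    used consistently for every domain on the same farm: it gives each domain its
#    own IssuerUri (http://<domain>/adfs/services/trust/) and adds the matching
#    issuance transform rule to the relying party trust.
foreach ($d in $federated) {
    Update-MsolFederatedDomain -DomainName $d.Name -SupportMultipleDomain
}

# 4. Verify both sides agree. Get-MsolFederationProperty returns one record for the
#    AD FS side and one for the Azure AD side; if the token-signing certificate
#    thumbprints differ, the update did not take on one side and sign-ins will fail
#    once the old farm is switched off.
foreach ($d in $federated) {
    $props  = Get-MsolFederationProperty -DomainName $d.Name
    $thumbs = $props | ForEach-Object { $_.TokenSigningCertificate.Thumbprint } | Select-Object -Unique
    if (@($thumbs).Count -ne 1) {
        Write-Warning "$($d.Name): AD FS and Azure AD report different signing certificates: $($thumbs -join ', ')"
    } else {
        Write-Host "$($d.Name): OK, signing cert thumbprint $thumbs"
    }
    $props | ForEach-Object { Write-Host ("  {0,-22} IssuerUri={1}" -f $_.Source, $_.IssuerUri) }
}
```

    Keep the old farm reachable until step 4 reports every domain as consistent; the snapshot file is what you would read back (with Import-Clixml) to see what the previous issuer URI and certificate were if a domain has to be rolled back. The MSOnline module has since been retired by Microsoft; on a current tenant the Azure AD side of this is done with Microsoft Graph cmdlets or the Entra Connect wizard, but the AD FS-side relying party trust still has to be created on the new farm either way.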
  • The AADConnect configuration wizard would create the same trust, too, if you specify the correct ADFS farm to do it. However, I must admit I haven't used AADConnect's wizard for a "swing-migration" of ADFS farms in that scenario - technically, it should work.

    The Powershell command(s) that you reference have worked in the past, and tell both ADFS and Azure AD to do the necessary things to create the Relying Party Trust in ADFS and update the authoritative IdP on Azure AD's side.



    Monday, April 2, 2018 9:38 AM
  • Running the 2 PowerShell commands on the new ADFS server did the trick, all working now on the new ADFS farm.
    Friday, April 13, 2018 2:56 PM