
Microsoft Lync Server 2013 : Lync Online and Hybrid Deployments - AD FS Deployment for SSO (part 3) - Adding or Converting a Domain for SSO

11/28/2013 2:48:18 AM

10. Establishing Trust with Office 365 for SSO

After the federation service is fully operational, the next step is to configure the trust between AD FS and Office 365. This is accomplished using the Microsoft Online Services Module for Windows PowerShell, which installs a set of Windows PowerShell cmdlets that can be used to configure the trust and enable SSO for a domain, as described in the following sections.

11. Installing the Microsoft Online Services Module

The Microsoft Online Services Module can be downloaded directly from the Office 365 site, and is available in both 32-bit and 64-bit versions. Following are the requirements for a system to run the Microsoft Online Services Module:

• Supported operating systems are Windows 7 or Windows Server 2008 R2.

• .NET Framework 3.5 SP1 must be enabled as a Windows feature.

• Office 365 software updates should be downloaded and installed from the Office 365 portal to ensure that the appropriate versions of all software are used.

The Microsoft Online Services Module also requires administrative access to AD FS 2.0 for the cmdlets to execute successfully. If the module will not be installed and run directly on a federation server, remote access to AD FS must be enabled. You can accomplish this by opening Windows PowerShell as an administrator on the federation server and executing the cmdlet Enable-PSRemoting.

12. Adding or Converting a Domain for SSO

Each domain that will be used for SSO with Lync Online/Office 365 must either be added as an SSO domain or be converted from a standard domain to SSO. The Microsoft Online Services Module is used to add or convert the domain, which sets up a trust between the internal AD FS deployment and Office 365.

Use the following procedure to add a new domain for SSO:

1. Open the Microsoft Online Services Module.

2. Execute the command $cred=Get-Credential, and then at the prompt enter the credentials of an Office 365 administrative account.

3. Execute the command Connect-MsolService -Credential $cred, which creates a connection to Office 365, as required to run the remaining cmdlets.

4. Execute the command Set-MsolAdfscontext -Computer <ADFSprimary>, where <ADFSprimary> is the fully qualified domain name of the primary federation server. This cmdlet creates a connection to the internal federation service.


Note

If the Microsoft Online Services Module is installed on the federation server, the Set-MsolAdfscontext cmdlet is not required.


5. Execute the command New-MsolFederatedDomain -DomainName <Domain>, where <Domain> is the domain to be added and enabled for SSO.

6. The results of the New-MsolFederatedDomain cmdlet include information that must be used to verify ownership of the new domain. Specifically, a new DNS record (either a TXT record or an MX record) must be created within the zone that will be enabled for SSO, and this DNS record is used by Office 365 to confirm domain ownership. Follow through with the instructions to add either the TXT or the MX record to the public DNS zone, and then wait for the change to take effect. The amount of time required will depend on DNS propagation delay, as well as the DNS provider being used.


Note

While either the TXT or the MX record can be tested for validation for Office 365, the TXT record is the preferred method of validation. The reason for this is that the MX record required for validation specifies an address value ending in .invalid, and not all DNS providers support this record. The TXT record, on the other hand, is much more commonly supported.


7. After the DNS verification record has propagated, the New-MsolFederatedDomain cmdlet is executed a second time, specifying the same domain name to finalize the addition of the new SSO domain.

The following procedure would be used to convert a domain that has already been added to Office 365 from a standard domain to SSO:

1. Open the Microsoft Online Services Module.

2. Execute the command $cred=Get-Credential, and then at the prompt enter the credentials of an Office 365 administrative account.

3. Execute the command Connect-MsolService -Credential $cred, which creates a connection to Office 365, as required to run the remaining cmdlets.

4. Execute the command Set-MsolAdfscontext -Computer <ADFSprimary>, where <ADFSprimary> is the fully qualified domain name of the primary federation server. This cmdlet creates a connection to the internal federation service.


Note

If the Microsoft Online Services Module is installed on the federation server, the Set-MsolAdfscontext cmdlet is not required.


5. Execute the command Convert-MsolDomainToFederated -DomainName <Domain>, where <Domain> is the domain to be converted to SSO.


Note

When a domain that has already been added to Office 365 is converted to SSO, every licensed user automatically becomes federated for SSO.
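
Both procedures above, followed by a check that the resulting trust matches the internal AD FS deployment, as one script. This is an added example, not code from the original article. The script's parameter names are its own. Get-MsolDomain, Get-MsolDomainVerificationDns and Get-MsolFederationProperty are MSOnline cmdlets the article does not mention, and polling DNS with nslookup is a choice made here.

```powershell
# Added example, not from the original article. Requires the Microsoft Online
# Services Module (MSOnline). Parameter names are this script's own.
param(
    [Parameter(Mandatory=$true)][string]$DomainName,
    [string]$AdfsPrimary,       # FQDN of the primary federation server; omit when run on it
    [switch]$ConvertExisting    # convert a standard domain instead of adding a new one
)
Import-Module MSOnline

$cred = Get-Credential          # Office 365 administrative account
Connect-MsolService -Credential $cred
if ($AdfsPrimary) { Set-MsolADFSContext -Computer $AdfsPrimary }

if ($ConvertExisting) {
    Convert-MsolDomainToFederated -DomainName $DomainName
} else {
    # First run registers the domain and prints the ownership-verification record.
    New-MsolFederatedDomain -DomainName $DomainName
    $txt = (Get-MsolDomainVerificationDns -DomainName $DomainName -Mode DnsTxtRecord).Text
    if (-not $txt) { throw "No TXT verification value returned for $DomainName" }
    Write-Host "Publish TXT record '$txt' in the public zone for $DomainName"
    # Poll the default resolver until the TXT value is visible, then finalize.
    while (-not (nslookup -type=TXT $DomainName 2>$null | Select-String -SimpleMatch $txt)) {
        Start-Sleep -Seconds 300
    }
    New-MsolFederatedDomain -DomainName $DomainName   # second run completes the SSO domain
}

# Check 1: Office 365 must report the domain as verified and federated.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Status -ne 'Verified' -or $domain.Authentication -ne 'Federated') {
    throw "$DomainName is $($domain.Status)/$($domain.Authentication), expected Verified/Federated"
}

# Check 2: the settings Office 365 stored must match what AD FS publishes.
# Values are compared in string form so certificate objects and text compare alike.
$props = Get-MsolFederationProperty -DomainName $DomainName
$adfs  = $props | Where-Object { $_.Source -like 'ADFS*' }
$o365  = $props | Where-Object { $_.Source -like '*Office 365*' }
foreach ($name in 'FederationServiceIdentifier','PassiveClientSignInUrl','TokenSigningCertificate') {
    if ("$($adfs.$name)" -ne "$($o365.$name)") {
        Write-Warning "$name differs between AD FS and Office 365 for $DomainName"
    }
}
```

A warning from the second check means Office 365 trusts an issuer, sign-in URL or token-signing certificate other than the one the federation service currently presents, which should be resolved before users rely on SSO for the domain.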


 