On-Premises
22 Topics

Windows AD account password expired but user can still send/receive email and use Teams
Hi. I recently discovered that some users with expired AD passwords are still working as if nothing has changed, which caught me by surprise. All the users affected do not use the VPN on a regular basis, or sign into Office 365. They all use desktop Office for their email (Outlook) and chats (Teams). We are all still working from home. It appears as if a user is only challenged to update their expired password once they physically authenticate against the domain controller(s). But what if they never do? This means a user with an expired password will continue to send/receive emails and send chats in Teams regardless of when their password expired, unless they perform some form of "logon". I ran a PowerShell script to elucidate more and found that we have dozens of users in this boat. Some users have passwords that expired YEARS ago! Is this by design, in that the password expiration attribute is pointless until said account actively connects or authenticates to the domain? Why is the "expiration" attribute not part of the user SID? I'm baffled. We have on-premises domain controllers which sync out to Office 365 via ADSync, and this is syncing fine with no errors, including password sync. Any help appreciated.

Solved | 30K Views | 0 likes | 2 Comments

Azure AD SSPR Password write back issue
Hi all, A company I work for has issues with the reset password function with AD Connect. In the SSPR audit logs in Azure AD, we face on 'Reset password (self-service)' the status reason 'OnPremisesAdminActionRequired', with a follow-up event log within the AD Connect server: event ID: 33004 with error "hr=80230626, message=The password could not be updated because the management agent credentials were denied access". I faced this issue before and it was caused because the AD DS connector account did not have the right permissions. In this case this is not it. What I have done so far:
- Updated AD Connect from 2.0.89.0 to 2.0.91.0
- Enforced TLS 1.2: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement
- Checked AD DS connector account 'MSOL_xxxxxxxx' permissions: https://docs.microsoft.com/en-us/azure/active-directory/authentication/troubleshoot-sspr-writeback#verify-that-azure-ad-connect-has-the-required-permissions
- The user does not have the options 'password never expires' or 'user cannot change password' configured
- Let AD Connect talk to another DC, dc02, instead of dc01
- Checked connection to the SSPR service from the DCs: Test-NetConnection -ComputerName ssprdedicatedsbprodscu.servicebus.windows.net -Port 443
- The action 'Change password (self-service)' is successful (via the My Account portal); only the action 'Reset password (self-service)' faces this issue (via passwordreset.microsoftonline.com). Both use the same OnPremisesAgent ->> AADConnect
Does anyone have an idea what else I can try? Regards, Ricardo

Solved | 24K Views | 0 likes | 13 Comments

Unfederating Domains
Hi Friends, I need to unfederate 2 domains. I have around 60 users in on-premises and Azure. I DO NOT want to change passwords of current users. I know there is a command, Convert-MSOLDomainToStandard. Can you please explain what the impact of the command below is:
Convert-MSOLDomainToStandard -DomainName <federated domain name> -SkipUserConversion $false -PasswordFile c:\userpasswords.txt
I will appreciate your great help! Many Thanks

Solved | 15K Views | 0 likes | 3 Comments

Add Support for Multiple Domains for federation with O365
Hi Team, We currently have ADFS (ADFS is running on Windows 2016) in place for around 100 users authenticating to 365 using a single domain, 'domain1.com'; we have federated it and enabled SSO. We now need to federate additional domains: 'domain2.com' and 'domain3.com'. The new domains have been added and verified in 365, so they now show as managed domains. The original domain1.com did not have the -SupportMultipleDomains switch used when it was converted to a federated domain. What do we need to do here? Should we remove the Microsoft Online trust from the AD FS federation server Management Console and then update the original domain? Though I assume it will be done during non-business hours. Password sync is enabled and we do not want to change passwords of users. What will be the impact on 100 or more current users of the original domain1.com if we delete the Microsoft Office 365 Identity Platform entry from our AD FS federation server Management Console? Please explain the impact on the production users. Thanks!

13K Views | 0 likes | 3 Comments

What happens to a locked-out on-premises account when synced to O365?
Can someone please point me to the articles? I cannot find them online. What happens to a locked-out on-premises account when synced to O365? Can the user continue to log in to O365, send/receive email, etc.?

Solved | 8.4K Views | 0 likes | 5 Comments

AzureAD Joined Device and onprem w/ PIN
I am working on a scenario where we want to move to Azure AD DS; we still have some need for LDAP/S, Unix, etc. but want on-prem to go away. Endpoints are already Azure AD joined to the 365 tenant. The tenant is in sync with on-prem via Azure AD Connect with password hash as well... here is where it gets fun... an endpoint with password login has no problem accessing the on-prem file server, but as you know Azure AD joined devices force PIN enrollment and default to it. When the user logs in with a PIN, I get a credential prompt... eventually this box will go to Azure, but I suspect this will occur when it gets out there also... I have attempted AzureAdKerberosServer, a one-way trust with AADDS/local, and the domain certificate avenue, no love... has anyone gone down this rabbit hole?

2.7K Views | 0 likes | 3 Comments

How to make Skype for Business and OneDrive automatically insert credentials on launch?
We have a client that wants new users to sign in to a domain-joined computer and automatically get signed in to Outlook, Skype for Business and OneDrive. Now the client has an on-premises Active Directory which is synced with AAD Connect to Office 365. So desktop applications are Office 365. Now, I have configured the Seamless Single Sign-On feature and configured modern authentication, and pushed intranet sites with GPO. This has solved half of the issue; now the users don't have to enter their password, only email. But Outlook and Teams, for example, already automatically get their email address entered into the sign-in address bars; that can't be said for Skype for Business and OneDrive though, I still need to manually enter email addresses there and let sSSO do its work. Now my question is this: is it possible to make it so that all of the remaining applications (Skype for Business and OneDrive) would automatically insert the user's email address into the sign-in address (or email address, or user name, etc.) on first launch?

2.5K Views | 0 likes | 7 Comments

Password Write Back not working
We are using the Azure AD connector for syncing user accounts from AD > Azure. Now we want to use the write-back solution, but we are getting an error, ID 31035. Steps I have already done in Azure AD Connect:
- Use an admin user of the Azure AD
- Use a special local AD user with rights to change passwords
- The admin user in Azure AD and the test user have Azure Premium licenses
- Checked in PowerShell if PasswordReset is running
- Disabled the firewall on the 'ADFS' server
- Restarted the service on the 'ADFS' server
No luck... Any other solution?

2.2K Views | 0 likes | 2 Comments

Seeking advice for Migration On-prem to Office 365
Hi, Our company wants to migrate mailboxes on our on-prem (these mailboxes are used by the application), a total of 50 mailboxes. Hope you can guide us on which migration is the best and safest way to use. In my mind it is staged, as they would like to do testing first on one mailbox to test if it is working fine with the application using the mailbox. Is it possible? Best Regards, Mark Diaz

2.1K Views | 0 likes | 7 Comments

AD Sync removal
Hi, Currently working on a local AD forest/domain tear-down process and looking to remove the current AD sync process. The forest is currently synchronizing to a multi-domain O365 tenant which also has AD Sync running from other domains in a different forest. What is the best and safest way to remove AD Sync from the legacy forest/domain without impacting the other forest/domains' sync process? Looking forward to your advice. Cheers

2.1K Views | 0 likes | 2 Comments