If you are not sure what the ADFS claim rules should look like for your environment, you can use the following online tool: Azure AD RPT Claim Rules.
SupportMultipleDomain switch when managing SSO to Office 365
Hi
We have configured SSO for Office 365 through ADFS (farm behavior level 3). Azure AD Connect is installed on a separate server. We have configured a new UPN (newupn.com) with all users and will remove the old UPN (oldupn.com) soon in the future. On the AD Connect server, below is the current status:
Get-MsolDomain
Name                                Status    Authentication
newupn.com                          Verified  Managed
oldupn.com                          Verified  Federated
mycompanyhub.onmicrosoft.com        Verified  Managed
mycompanyhub.mail.onmicrosoft.com   Verified  Managed
mycompanyhub.sa                     Verified  Managed
Since all the configuration was managed by a previous engineer, we don't have an exact idea of the configuration changes. We plan to run the commands below with the new UPN; please let us know whether they correct the SSO with the new UPN:
Convert-MsolDomainToFederated -DomainName newupn.com -SupportMultipleDomain
Should we run -SupportMultipleDomain with the existing UPN? Also, in case of any issues, to revert newupn.com to Managed, shall we run the command Convert-MsolDomainToStandard? What else do we need to check with ADFS once we run the above commands?
Thanks in advance
1 answer
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
2021-02-23T18:56:03.647+00:00