We're using AWS Managed Directory Service and federating it to Azure AD so users can use the federated login through our ADFS server. We're following the AWS Documentation but receiving an error running the following command:
Please note I used our internal domain here (not example.com):
PS C:\Users\Fairfax.tech.Guy.admin> Convert-MsolDomainToFederated -Debug –domain example.com
Confirm
Are you sure you want to perform this action?
Performing the operation "Convert-MsolDomainToFederated" on target "example.com".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
Convert-MsolDomainToFederated: Object reference not set to an instance of an object.
Neither Microsoft support nor AWS support has been helpful. We seem to be in a finger-pointing situation. Microsoft tells us to run the Azure AD Connect wizard and select Federated SSO login, but for the AWS Managed AD we only have a delegated admin, and thus AWS tells us to use the steps outlined here:
Our domain is validated in Azure AD. While we created a public DNS entry, our domain is not open to the internet (internal domain). Moreover, we did the directory synchronization before we validated our domain. I'm wondering if I need to remove that and redo it because we did it in the wrong order, but I see the AD user objects tied to the validated domain.
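The conversion the post is running depends on state in two places: the custom domain in Azure AD (it must be Verified and still Managed) and an AD FS server that the MSOnline module can reach through Set-MsolADFSContext, because Convert-MsolDomainToFederated configures the relying-party trust on AD FS as well as the federation settings in the tenant. The script below is an added pre-flight sequence that surfaces that state before attempting the conversion; it is not code from the original post or from the AWS or Microsoft documentation, and the domain name, AD FS host name and the account used to connect are placeholders to be replaced.

```powershell
# Added example: pre-flight checks before Convert-MsolDomainToFederated.
# Assumptions (hypothetical values): the custom domain is 'corp.example.com' and the
# AD FS server reachable over WinRM from this workstation is 'adfs01.corp.example.com'.
# Requires the MSOnline module and a Global Administrator account for Connect-MsolService.
param(
    [string]$DomainName = 'corp.example.com',       # hypothetical custom domain
    [string]$AdfsServer = 'adfs01.corp.example.com'  # hypothetical AD FS host
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService

# 1. The domain must exist in the tenant, be Verified, and not already be Federated.
$domain = Get-MsolDomain -DomainName $DomainName -ErrorAction Stop
'{0}: Status={1} Authentication={2}' -f $domain.Name, $domain.Status, $domain.Authentication
if ($domain.Status -ne 'Verified') {
    throw "Domain '$DomainName' is not verified in Azure AD; verify it before converting."
}
if ($domain.Authentication -eq 'Federated') {
    Write-Warning "Domain '$DomainName' is already federated; nothing to convert."
    return
}

# 2. Point the MSOnline ADFS context at the AD FS server explicitly instead of relying on
#    the local machine, then read back what the module sees on both sides (AD FS and Azure AD).
Set-MsolADFSContext -Computer $AdfsServer -ErrorAction Stop
Get-MsolFederationProperty -DomainName $DomainName |
    Format-List Source, FederationServiceIdentifier, PassiveLogOnUri, TokenSigningCertificate

# 3. Dry run: -WhatIf is available because the cmdlet supports ShouldProcess (it prompted
#    for confirmation in the post), and it shows the intended change without applying it.
Convert-MsolDomainToFederated -DomainName $DomainName -WhatIf

# 4. Apply the conversion only after the checks above pass, then confirm the tenant-side
#    federation settings that sign-in will actually use.
Convert-MsolDomainToFederated -DomainName $DomainName -Confirm:$false
Get-MsolDomainFederationSettings -DomainName $DomainName |
    Format-List IssuerUri, PassiveLogOnUri, FederationBrandName
```

Run it from a machine that has WinRM access to the AD FS server and an account allowed to manage that server, since Set-MsolADFSContext and the conversion itself remote into AD FS. If step 2 fails or returns no AD FS-sourced entry, the problem is on the AD FS side rather than in the tenant; if step 1 fails, the domain state in Azure AD is the thing to fix first.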