This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 83%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi,
I have to disable all Azure AD sync connections in a customer's environment.
User logon is forwarded to a portal that is not available anymore and users were synced with a local AD structure.
Since the local structure can not be accessed anymore without a lot of "roll-back work" I would like to disable the forward and
enable users to use the Microsoft login (portal.office.com) and use all the apps and data that is created already in Teams and so on.
I found a guide to disable Federated services but I am not sure if that is all I need to do and what will happen with users that are
already available and in use.
1 ) Open “Microsoft Azure Active Directory Module for Windows PowerShell“
2) Connect-MsolService – Enter Global Administrator Credential
3) Run get-MsolDomain and you will find that your domain is federated:
4) Convert-MsolDomainToStandard -DomainName Pelegit.co.il -PasswordFile C:\1.TXT -SkipUserConversion $true (The file won’t created):
5) Set-MsolDomainAuthentication -DomainName Pelegit.co.il -Authentication Managed
6) Get-MsolDomains:
In my case I would not skip the user conversion and set a new password for all users.
Can someone tell me if the conversion won't harm any data saved for the users in mailbox, the cloud and teams?
regards
Roland
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
@RolN , I believe in your case the customer have decommissioned the on-premise environment and since there is no on-prem DC so there is no need for syncing users to azure AD and you can convert the domain from federated to standard domain in your azure AD tenant . The steps you have mentioned are correct. In this case you will not see any issues with mailbox and cloud data etc. because this change is only for custom domain and it does not change the user account . this affects the authentication systems only and not the other services. The UPN of user would not change from what I understand from your details and it should not cause any issue. Let me know if you still need any help on this and we can help you further .
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 13%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
I think I need to run this command but could use some clarification on the password part.
I need to remove the Federation to XYZ.com - I have no users in XYZ.com on my tenant. There is no longer a connection to XYZ.com.
All of my users are in ABC.com which is the primary.
Do my users in ABC.com have their passwords changed when I run this command? Or is only the non-existent users in XYZ?
Thanks for your help!!
John