
Installing and Configuring Active Directory Federation Services for use with Single Sign On and Directory Synchronization– OFFICE365



Hi guys. The article below walks through the installation and configuration steps you need to carry out to federate your on-premises Active Directory with Office 365 using AD FS 2.0. For reference I have also included screenshots of some errors you may hit during the installation.

Before configuring Active Directory Federation Services you have to meet the following requirement:

Every on-premises Active Directory user that will be synchronized to Office 365 must have a user principal name (UPN) suffix that matches the domain being federated. A user whose UPN ends in the internal forest name (for example corp.local) rather than the public domain cannot sign in through the federation trust, so fix the UPN suffix before you synchronize.

Create a new Host record (A or AAAA)

The purpose of creating this host record in the internal DNS server is split-brain DNS: a client inside the corporate network that resolves sts.valakulu.net must be sent to the internal AD FS server, not to the externally published address. Clients outside the network resolve the same name through public DNS and reach the externally published endpoint instead.
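The two prerequisites above (matching UPN suffixes and a correct internal host record) are easy to verify before you touch AD FS. The following pre-flight check is an added example, not part of the original post; it assumes the federated domain valakulu.net and the federation service name sts.valakulu.net from the post, an assumed LAN address of 192.168.10.20 for the AD FS server, and the ActiveDirectory PowerShell module (RSAT) on the machine where it runs.

```powershell
# Added pre-flight check (not from the original post). Assumes the federated
# domain valakulu.net, the federation service name sts.valakulu.net, and an
# assumed AD FS LAN address of 192.168.10.20; adjust all three to your environment.
Import-Module ActiveDirectory

$FederatedDomain = 'valakulu.net'
$StsHost         = "sts.$FederatedDomain"
$ExpectedStsIp   = '192.168.10.20'   # assumed internal IP of the AD FS server

# 1. UPN suffix audit: every enabled user that will be synchronized must
#    carry @valakulu.net as UPN suffix, otherwise SSO cannot work for them.
$badUpn = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName -notlike "*@$FederatedDomain" }

if (@($badUpn).Count -gt 0) {
    Write-Warning ("{0} enabled user(s) do not have the @{1} UPN suffix:" -f @($badUpn).Count, $FederatedDomain)
    $badUpn | Select-Object SamAccountName, UserPrincipalName | Format-Table -AutoSize
    # Fix for a single account (review the list before doing this in bulk):
    #   Set-ADUser -Identity jsmith -UserPrincipalName "jsmith@$FederatedDomain"
} else {
    Write-Host "All enabled users carry the @$FederatedDomain UPN suffix."
}

# 2. Split-brain DNS check: from an internal client the federation service
#    name must resolve to the AD FS server, not to the public address.
$resolved = [System.Net.Dns]::GetHostAddresses($StsHost) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString }

if ($resolved -contains $ExpectedStsIp) {
    Write-Host "$StsHost resolves to the AD FS server ($ExpectedStsIp) from this client."
} else {
    Write-Warning "$StsHost resolves to [$($resolved -join ', ')] instead of $ExpectedStsIp; check the internal DNS zone."
}
```

Run it from a domain-joined workstation inside the corporate network; running the DNS part from the AD FS server itself proves little, since the server can reach itself regardless of what the zone says.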

[screenshot]

 

Create a new Domain Certificate

This is the service communication (SSL) certificate for sts.valakulu.net, requested here from the internal enterprise CA through the IIS "Create Domain Certificate" wizard. That is fine for a lab, but in production the certificate must chain to a CA that Office 365 and every client outside the corporate network already trust, so request it from a publicly trusted CA, and make sure the subject name (or a SAN entry) is exactly the federation service name.

[screenshots]

 

Install and Configure AD FS 2.0

You can download AD FS 2.0 from the URL below. You might wonder why we do not simply install the AD FS role that is listed in the Windows Server 2008 R2 roles section. The reason is that Office 365 federation requires AD FS 2.0, whereas the built-in role on Windows Server 2008 and 2008 R2 is AD FS 1.1; AD FS 2.0 is a separate download.

http://www.microsoft.com/en-us/download/details.aspx?id=10909

 

[screenshots]

 

Once the installation is done, click the "AD FS 2.0 Federation Server Configuration Wizard" link and continue according to the instructions below.

 

[screenshots]

 

Add and verify the federated domain in Office 365

To download the Microsoft Online Services Sign-in Assistant, log in to the Microsoft Online Portal using admin credentials.

[screenshot]

Admin overview –> Downloads –> How to manually install updates –> Download Microsoft Online Services Sign-in Assistant (64-bit version).

 

Install the Microsoft Online Services Sign-in Assistant

[screenshots]

 

Install the Microsoft Online Services Module for Windows PowerShell

Log in to the Office 365 portal using an admin account –> Users –> Single sign-on: Set up –> Install Microsoft Online Services Module for Windows PowerShell –> Download the 64-bit version (or the 32-bit one, depending on your server).

 

[screenshot]

 

Installation steps:

[screenshots]

 

Add a Federated Domain

Complete the federation via PowerShell. The commands, in order:

$cred = Get-Credential
  Prompts for Office 365 admin credentials and stores them in a variable.

Connect-MsolService -Credential $cred
  Connects to Office 365 using the stored credentials.

Set-MsolADFSContext -Computer <AD FS 2.0 primary server>
  Specifies which local AD FS 2.0 server the following cmdlets should configure.

Convert-MsolDomainToFederated -DomainName <domain.com>
  Converts a standard (managed) domain that already exists in the tenant into an identity-federated domain.

Get-MsolFederationProperty -DomainName <domain.com>
  Shows the identity federation properties as seen by both AD FS and Office 365.

My suggestion is to run these PowerShell commands on the AD FS server itself, because that avoids potential problems with firewall connectivity between the PowerShell host and AD FS.

The third command (Set-MsolADFSContext) is only needed when you run PowerShell somewhere other than the AD FS server; that is the other reason I strongly recommend installing the module and running the commands directly on the AD FS server.

[screenshot]

 

Enter the user credentials you would use to sign in to Microsoft Online Services. This is your user name created for Microsoft Online Services Management. If you do not have your Microsoft Online Account Information, you need to obtain those credentials before continuing.

 

[screenshot]

 

Here you connect to the online service and pass the previously stored credentials straight into the command by referencing the $cred variable.

 

[screenshot]

 

Note: one thing to highlight. If you have already added your domain name to the cloud, you do not need to run New-MsolFederatedDomain (the command shown in the screenshot below). If you do, you will get the error "The domain already exists as a standard authentication domain".

In that case use the Convert-MsolDomainToFederated -DomainName <domain.com> PowerShell command instead.
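The steps above, together with the "domain already exists" edge case, fit in one script that decides for itself whether the domain must be added as federated or converted. This is an added example, not the post's own script; it assumes the domain valakulu.net from the post, that it runs on the AD FS 2.0 primary server inside the Microsoft Online Services Module for Windows PowerShell, and that a single domain is being federated (so -SupportMultipleDomain is deliberately not used).

```powershell
# Added example (not from the original post). Assumes the domain valakulu.net,
# that this runs on the AD FS 2.0 primary server, and a single-domain federation.
Import-Module MSOnline

$domainName = 'valakulu.net'
$adfsServer = $env:COMPUTERNAME   # change if you are not on the AD FS server

$cred = Get-Credential             # Office 365 global administrator
Connect-MsolService -Credential $cred

# Only strictly required when this shell is not on the AD FS server; harmless locally.
Set-MsolADFSContext -Computer $adfsServer

# A domain already present in the tenant as a standard (managed) domain cannot be
# added a second time; that is the "domain already exists" error the post describes.
$existing = Get-MsolDomain -DomainName $domainName -ErrorAction SilentlyContinue

if (-not $existing) {
    # First run prints the TXT record Office 365 expects in public DNS. Create it,
    # wait for propagation, then run the same cmdlet again to complete verification.
    New-MsolFederatedDomain -DomainName $domainName
} elseif ($existing.Authentication -eq 'Managed') {
    Convert-MsolDomainToFederated -DomainName $domainName
} else {
    Write-Host "$domainName is already federated; nothing to change."
}

# Verify from both sides: the 'ADFS Server' and 'Microsoft Office 365' entries
# must show the same endpoints and the same token-signing thumbprint.
Get-MsolFederationProperty -DomainName $domainName
```

Converting a domain affects every user in it at once: from that moment Office 365 redirects all sign-ins for @valakulu.net to sts.valakulu.net, so run it only after the AD FS endpoint is reachable from the outside.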

 

[screenshots]

Get and verify the identity federation properties

Review the settings stored on the Microsoft Federation Gateway side against what AD FS publishes. Get-MsolFederationProperty prints two blocks, one with Source "ADFS Server" and one with Source "Microsoft Office 365"; the federation succeeded if the endpoint URLs and the token-signing certificate thumbprint are identical in both. Note that FederationServiceIdentifier is an http:// URI by design (it is an identifier, not an address), while the sign-in endpoints must be https://.

[screenshot]

PS C:\Users\administrator.VALAKULU\Desktop> Get-MsolFederationProperty

cmdlet Get-MsolFederationProperty at command pipeline position 1
Supply values for the following parameters:
DomainName: valakulu.net

Source                          : ADFS Server
ActiveClientSignInUrl           : https://sts.valakulu.net/adfs/services/trust/2005/usernamemixed
FederationServiceDisplayName    : sts.valakulu.net
FederationServiceIdentifier     : http://sts.valakulu.net/adfs/services/trust
FederationMetadataUrl           : https://sts.valakulu.net/adfs/services/trust/mex
PassiveClientSignInUrl          : https://sts.valakulu.net/adfs/ls/
PassiveClientSignOutUrl         : https://sts.valakulu.net/adfs/ls/
TokenSigningCertificate         : [Subject]
                                    CN=ADFS Signing - sts.valakulu.net
                                  [Issuer]
                                    CN=ADFS Signing - sts.valakulu.net
                                  [Serial Number]
                                    16CC28999316649B4EC8A91A7F6468C9
                                  [Not Before]
                                    7/6/2012 11:30:26 AM
                                  [Not After]
                                    7/6/2013 11:30:26 AM
                                  [Thumbprint]
                                    3A9922C5F140F7A08F7E19FA563F0A298B38E1FE
NextTokenSigningCertificate     :
PreferredAuthenticationProtocol :

Source                          : Microsoft Office 365
ActiveClientSignInUrl           : https://sts.valakulu.net/adfs/services/trust/2005/usernamemixed
FederationServiceDisplayName    : sts.valakulu.net
FederationServiceIdentifier     : http://sts.valakulu.net/adfs/services/trust
FederationMetadataUrl           : https://sts.valakulu.net/adfs/services/trust/mex
PassiveClientSignInUrl          : https://sts.valakulu.net/adfs/ls/
PassiveClientSignOutUrl         : https://sts.valakulu.net/adfs/ls/
TokenSigningCertificate         : [Subject]
                                    CN=ADFS Signing - sts.valakulu.net
                                  [Issuer]
                                    CN=ADFS Signing - sts.valakulu.net
                                  [Serial Number]
                                    16CC28999316649B4EC8A91A7F6468C9
                                  [Not Before]
                                    7/6/2012 11:30:26 AM
                                  [Not After]
                                    7/6/2013 11:30:26 AM
                                  [Thumbprint]
                                    3A9922C5F140F7A08F7E19FA563F0A298B38E1FE
NextTokenSigningCertificate     :
PreferredAuthenticationProtocol : WsFed
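Reading that output by eye works once; a script that does the comparison is what you want to keep, because the token-signing certificate above is self-signed with a one-year lifetime, and when AD FS rolls to a new one Office 365 still holds the old thumbprint until it is told otherwise. The following check is an added example, not from the original post; it assumes an existing Connect-MsolService session and the domain valakulu.net, and that TokenSigningCertificate is returned as an X509Certificate2 object (which is what the [Subject]/[Thumbprint] rendering above indicates).

```powershell
# Added verification script (not from the original post). Assumes an open
# Connect-MsolService session and the domain valakulu.net from the post.
Import-Module MSOnline
$domainName = 'valakulu.net'

$props = Get-MsolFederationProperty -DomainName $domainName
$adfs  = $props | Where-Object { $_.Source -eq 'ADFS Server' }
$o365  = $props | Where-Object { $_.Source -eq 'Microsoft Office 365' }

$problems = 0

# 1. Every endpoint Office 365 redirects to must match what AD FS publishes.
foreach ($p in 'FederationServiceIdentifier', 'FederationMetadataUrl',
               'PassiveClientSignInUrl', 'PassiveClientSignOutUrl', 'ActiveClientSignInUrl') {
    if ($adfs.$p -ne $o365.$p) {
        Write-Warning "$p differs: AD FS='$($adfs.$p)'  Office 365='$($o365.$p)'"
        $problems++
    }
}

# 2. Office 365 validates token signatures against the thumbprint it stored at
#    federation time; after a certificate rollover the two drift apart and every
#    sign-in fails until Update-MsolFederatedDomain pushes the new certificate.
$adfsThumb = $adfs.TokenSigningCertificate.Thumbprint
$o365Thumb = $o365.TokenSigningCertificate.Thumbprint
if ($adfsThumb -ne $o365Thumb) {
    Write-Warning "Token-signing thumbprint mismatch: AD FS=$adfsThumb  Office 365=$o365Thumb"
    Write-Warning "Run: Update-MsolFederatedDomain -DomainName $domainName"
    $problems++
}

# 3. Warn well before the AD FS token-signing certificate expires.
$daysLeft = ($adfs.TokenSigningCertificate.NotAfter - (Get-Date)).Days
if ($daysLeft -lt 30) {
    Write-Warning "AD FS token-signing certificate expires in $daysLeft day(s), on $($adfs.TokenSigningCertificate.NotAfter)."
}

if ($problems -eq 0) {
    Write-Host "Federation properties for $domainName are consistent between AD FS and Office 365 (thumbprint $adfsThumb)."
}
```

Schedule this alongside the certificate expiry date you saw in the output rather than waiting for a help-desk ticket: a thumbprint mismatch does not produce an AD FS-side error, it produces sign-in failures on the Office 365 side.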

Active Directory Synchronization

DirSync enables coexistence:

  • Provisions objects in Office 365 with the same email addresses as the objects in the on-premises environment.
  • Provides a unified Global Address List experience between on-premises and Office 365.
  • Enables mail routing between on-premises and Office 365 with a shared domain namespace.
  • Enables application coexistence for Microsoft Lync.
  • Enables the Exchange coexistence scenarios (simple and hybrid).

DirSync enables single sign-on:

Enables "run state" administration and management of users, contacts and groups from the on-premises directory, which remains the source of authority.

Log in to the Office 365 admin portal using an admin account –> Users –> Active Directory synchronization –> Set up

 

[screenshots]

Note: Directory synchronization will take about 1-3 hours to replicate.

Install the Directory Synchronization Tool

[screenshots]

 

Synchronize Active Directory

[screenshot]

 

Enter Microsoft Online Credentials.

[screenshot]

 

You may get the error below if you have not activated directory synchronization in the Microsoft Online Portal first.

 

[screenshot]

 

Enter the on-premises (Active Directory) admin username and password.

 

[screenshots]

 

Below you can see the synchronized user, shown with a different icon from cloud-only users.

 

[screenshot]

If you want changes made to a user account in the local Active Directory synchronized to Office 365 immediately, rather than waiting for the next scheduled cycle, go to the Microsoft Online Directory Sync folder on the Directory Sync server and trigger the synchronization from its PowerShell console.

C:\Program Files\Microsoft Online Directory Sync

[screenshot]
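The forced sync described above, as an added example that is not part of the original post. It assumes the install folder named in the post and the console file (DirSyncConfigShell.psc1) and cmdlet (Start-OnlineCoexistenceSync) that the Directory Sync tool of that era shipped with; both are stated here as assumptions, so check the folder if your version differs.

```powershell
# Added example (not from the original post). Assumes the Directory Sync
# install folder from the post and the DirSyncConfigShell.psc1 console file
# plus the Start-OnlineCoexistenceSync cmdlet shipped with the tool.
$dirSyncPath = 'C:\Program Files\Microsoft Online Directory Sync'
$consoleFile = Join-Path $dirSyncPath 'DirSyncConfigShell.psc1'

if (-not (Test-Path $consoleFile)) {
    throw "Directory Sync console file not found at $consoleFile; is the tool installed here?"
}

# Start a new PowerShell host with the DirSync snap-ins loaded and run one sync
# cycle. Run this from an elevated prompt on the Directory Sync server; the
# account must be a member of the local MIISAdmins group the installer creates.
& powershell.exe -PSConsoleFile $consoleFile -Command 'Start-OnlineCoexistenceSync'

if ($LASTEXITCODE -ne 0) {
    Write-Warning "Start-OnlineCoexistenceSync returned exit code $LASTEXITCODE; check the Application event log on this server."
}
```

The cmdlet only kicks off the cycle; confirm the result in the Application event log on the Directory Sync server or by checking the user's last-sync time in the Office 365 portal.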

Here we go: we have just finished configuring Active Directory Federation Services for Office 365, and directory synchronization is running. I hope this post is useful for you.

Categories: Office365
  1. yongrak
    September 11, 2012 at 5:42 pm

    Wow. Thank you for such a great article.

  2. September 12, 2012 at 12:08 am

    Glad to hear that yongrak… 🙂

  3. May 6, 2013 at 10:32 pm

    Wow, that’s what I was looking for, what a stuff! existing here at this weblog, thanks admin of this website.

  4. June 25, 2013 at 10:24 am

    I like the helpful information you provide in
    your articles. I’ll bookmark your blog and check again here regularly. I am quite sure I will learn plenty of new stuff right here! Good luck for the next!

  5. June 27, 2013 at 10:15 pm

    Hello i am kavin, its my first time to commenting anyplace, when i read this piece of writing i thought i could also make comment due
    to this good article.

  6. August 1, 2013 at 11:58 am

    You can watch the latest weather updates by just taking a look at your phone’s home screen, where it automatically posts weather info, and without having to launch the application. With this much controversy clinging to its name, it ought to come as no real surprise that several with the world’s law enforcement officials authorities
    happen to be looking for ways to shut it down for good.
    Now, movies aren’t one and only thing that piracy trackers allow links too.

  7. August 7, 2013 at 3:27 pm

    Excellent goods from you, man. I’ve understand your stuff previous to and you are just too magnificent. I actually like what you’ve acquired here, certainly like what you’re saying and the way in which you say it. You make it enjoyable and you still care for to keep it wise. I can not wait to read much more from you. This is really a terrific website.

  8. September 11, 2013 at 11:40 pm

    Thanks to my father who informed me concerning
    this website, this web site is really remarkable.

  9. September 15, 2013 at 4:50 am

    If some one wishes expert view concerning running a blog
    after that i advise him/her to pay a quick visit this webpage, Keep up the nice job.

  10. May 3, 2014 at 11:11 pm

    It’s really a cool and useful piece of information. I am
    satisfied that you just shared this useful info with
    us. Please stay us up to date like this. Thank you for sharing.

  11. July 25, 2014 at 6:05 am

    Howdy! I could have sworn I’ve visited this blog before but after browsing
    through some of the posts I realized it’s new
    to me. Regardless, I’m certainly happy I stumbled upon it and I’ll be bookmarking
    it and checking back frequently!

  12. July 25, 2014 at 3:05 pm

    Hi there just wanted to give you a quick heads up.
    The text in your post seem to be running off the screen in Chrome.
    I’m not sure if this is a formatting issue or something to do with internet browser compatibility but I thought I’d post to let you know.
    The design and style look great though! Hope you get the issue resolved soon. Kudos
