Wednesday, September 5, 2018

Changing a Custom Domain from AD FS to Password Sync in Azure

In my test lab tenancy I needed to convert a domain from using AD FS to Password Sync. The AD FS infrastructure I had set up no longer existed and I needed to re-purpose the lab.

There is no way of achieving this using the Azure Portal that I could see - and I could not find any documentation online on how to do this.

To achieve this change you must connect to your Azure AD Tenancy via PowerShell with:


If we run Get-MsolDomain we see that the domain is in a federated state, and sign-in is redirecting me to an AD FS portal which no longer exists.

After you have enabled Password Sync in the Azure AD Connect tool and synchronised the on-premises accounts to Azure AD, you can then set the domain back to a Managed domain.

To do this use the following command:

Set-MsolDomainAuthentication -DomainName <your-domain-name> -Authentication Managed

We can now see that it's in a managed state:

If you wait a few minutes, you will now notice signing into services will authenticate in Azure AD and you will no longer be redirected back to an AD FS portal.
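The whole procedure above as one guarded script; this is an added example, not code from the original post. It assumes the MSOnline module is installed, takes the domain as a hypothetical $DomainName parameter, and adds a check of the tenant's password sync status (via Get-MsolCompanyInformation) so the domain is not switched to Managed before any password hashes exist in Azure AD.

```powershell
# Added example: convert a federated custom domain to Managed, with safety checks.
# $DomainName is a placeholder parameter; pass your own custom domain.
param(
    [Parameter(Mandatory)] [string] $DomainName
)

Import-Module MSOnline
Connect-MsolService   # prompts for a tenant administrator account

# 1. Confirm the domain is currently federated.
$domain = Get-MsolDomain -DomainName $DomainName
Write-Host "$($domain.Name) authentication is currently: $($domain.Authentication)"
if ($domain.Authentication -ne 'Federated') {
    Write-Host 'Domain is not federated; nothing to convert.'
    return
}

# 2. Refuse to convert until password sync is enabled and has run at least once.
#    Otherwise synced users have no password in Azure AD and cannot sign in.
$company = Get-MsolCompanyInformation
if (-not $company.PasswordSynchronizationEnabled) {
    throw 'Password sync is not enabled. Enable it in Azure AD Connect first.'
}
if (-not $company.LastPasswordSyncTime) {
    throw 'Password sync is enabled but has not completed a sync yet.'
}
Write-Host "Last password sync (UTC): $($company.LastPasswordSyncTime)"

# 3. Switch the domain from Federated to Managed.
Set-MsolDomainAuthentication -DomainName $DomainName -Authentication Managed

# 4. Verify the change took effect.
$after = Get-MsolDomain -DomainName $DomainName
if ($after.Authentication -ne 'Managed') {
    throw "Conversion failed; domain is still $($after.Authentication)."
}
Write-Host "$($after.Name) is now $($after.Authentication)."
```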
