I've deployed ADFS 4.0 on Windows Server 2016, and our on-premises AD is synced with Azure AD Connect for the hybrid configuration.
Our AD structure is a single-forest, single-domain AD, and I can see the information below in the Azure console: there is just one primary domain, which is domain.com.
However, we have multiple users with different UPNs configured in AD.
So should I execute it for each UPN, or just once for domain.com only?
Based on: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-multiple-domains
PowerShell script:

```powershell
$Cred = Get-Credential
Connect-MsolService -Credential $Cred

# For all users that log in with the UPN First.LastName@domain.com
$Domain = 'domain.com'
Convert-MsolDomainToFederated -DomainName $Domain -SupportMultipleDomain
Get-MsolDomainFederationSettings -DomainName $Domain

# For all users that log in with the UPN First.LastName@company1.net
$Domain = 'company1.net'
Convert-MsolDomainToFederated -DomainName $Domain -SupportMultipleDomain
Get-MsolDomainFederationSettings -DomainName $Domain

# For all users that log in with the UPN First.LastName@Subsidiary2.org
$Domain = 'Subsidiary2.org'
Convert-MsolDomainToFederated -DomainName $Domain -SupportMultipleDomain
Get-MsolDomainFederationSettings -DomainName $Domain
```

```powershell
# Set-MsolDomainAuthentication is an MSOnline cmdlet, so the MSOnline module
# and a Connect-MsolService session are required here.
Install-Module -Name MSOnline
# Use Global.Admin@ParentCompany.onmicrosoft.com (Azure cloud-only account)
Connect-MsolService

# For all users that log in with the UPN First.LastName@domain.com
Set-MsolDomainAuthentication -DomainName 'domain.com' -Authentication Managed

# For all users that log in with the UPN First.LastName@company1.net
Set-MsolDomainAuthentication -DomainName 'company1.net' -Authentication Managed

# For all users that log in with the UPN First.LastName@Subsidiary2.org
Set-MsolDomainAuthentication -DomainName 'Subsidiary2.org' -Authentication Managed
```
Any help and suggestion would be greatly appreciated.
Thank you in advance.
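As an added example (not part of the question above, and not from the Microsoft article it links), the following script inventories which UPN suffixes the synced users actually carry and checks, for each one, whether it exists in the tenant as a verified domain and whether it is currently Managed or Federated. Running it before any Convert-MsolDomainToFederated call shows exactly which domains need converting and which are already federated. It assumes the ActiveDirectory and MSOnline modules are installed, that it runs on a domain-joined machine, and that Connect-MsolService has already been run; the column layout is my own choice.

```powershell
# Added example, not part of the original question. Lists the UPN suffixes in use
# on-premises and the state of each matching domain in the Azure AD tenant.
# Assumes: ActiveDirectory and MSOnline modules installed, Connect-MsolService done.

Import-Module ActiveDirectory
Import-Module MSOnline

# All domains known to the tenant, keyed by lower-case name
$tenantDomains = @{}
foreach ($d in Get-MsolDomain) {
    $tenantDomains[$d.Name.ToLowerInvariant()] = $d
}

# Enabled on-premises users grouped by the suffix of their UPN
$bySuffix = Get-ADUser -Filter 'Enabled -eq $true' -Properties UserPrincipalName |
    Where-Object { $_.UserPrincipalName } |
    Group-Object { ($_.UserPrincipalName -split '@')[-1].ToLowerInvariant() }

foreach ($g in ($bySuffix | Sort-Object Name)) {
    $d = $tenantDomains[$g.Name]
    if (-not $d) {
        $state = 'not present in the tenant: add and verify it before converting'
    } elseif ("$($d.Status)" -ne 'Verified') {
        $state = "present but $($d.Status): verify it before converting"
    } else {
        $state = "Verified, currently $($d.Authentication)"
    }
    '{0,-30} {1,6} users  {2}' -f $g.Name, $g.Count, $state
}
```

Each line of output is one UPN suffix with its user count and tenant state. A suffix that is not a verified domain in the tenant cannot be federated at all; Azure AD Connect syncs those users with the tenant's .onmicrosoft.com suffix instead, so they would keep signing in with a cloud password no matter which of the three conversions above are run. Only the suffixes reported as "Verified, currently Managed" are candidates for Convert-MsolDomainToFederated with -SupportMultipleDomain.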