Federate sub-domain

Anonymous
2016-02-01T01:29:34+00:00

We are using a federated subdomain for coworkers but we also use a non-federated top-level domain.

For test purposes we added a test domain to Office 365 (similar to the coworkers domain) and tried to federate this domain, and we hit an error.

Below the current domains in Office 365 and their Authentication;

C:> Get-MsolDomain

Name                         Status      Authentication
----                         ------      --------------
coworkerstest.contoso.com    Verified    Managed
contoso.com                  Verified    Managed
coworkers.contoso.com        Verified    Federated

Now we would like to federate the coworkerstest.contoso.com domain so it is representative for test to the coworkers.contoso.com domain.

But we hit the following error;

C:> Convert-MsolDomainToFederated -DomainName coworkerstest.contoso.com -SupportMultipleDomain
Convert-MsolDomainToFederated : Converting sub-domains to Federated is not supported.
At line:1 char:30
+ Convert-MsolDomainToFederated <<<<  -DomainName coworkerstest.contoso.com -SupportMultipleDomain
    + CategoryInfo          : InvalidData: (:) [Convert-MsolDomainToFederated], FederationException
    + FullyQualifiedErrorId : SubDomainsNotSupportedForConvert,Microsoft.Online.Identity.Federation.Powershell.Convert
   DomainToFederated

Question;

- How can we federate coworkerstest.contoso.com?

- Is federation possible without removing the top-level domain contoso.com (because some users in Office 365 already have @contoso.com email addresses, so it can’t be removed)?

- If we federate top-level domain contoso.com will sub-domains automatically be federated also?

- If top-level domain is federated and sub-domains also automatically federated can a sub-domain also be converted to standard?

- If top-level domain is federated and sub-domains also automatically federated can a top-level be converted back to standard without affecting the sub-domain federation?

- What is the best approach for removing the top-level domain contoso.com?

- Are there known issues if we first add coworkerstest.contoso.com and federate it and later add contoso.com top-level domain and leave it standard?

This question was migrated from the Microsoft Support Community.

Answer accepted by question author

Anonymous
2016-02-01T03:03:55+00:00

Hi dirkverhagen123,

For your queries:

  1. No. The sub domain will be changed once the root domain is changed, if the sub domain is added after the root domain.
  2. There should be no impacts.
  3. If the domain coworkerstest.contoso.com is added after the contoso.com, then it will be converted automatically whether we federate/un-federate the contoso.com domain.

Please note that if you have multiple root domains and you’re using the parameter “SupportMultipleDomain”, we may encounter issues when authenticating with the sub domain users, this is a known issue and you can find more details/workarounds in: http://blogs.technet.com/b/abizerh/archive/2013/02/06/supportmultipledomain-switch-when-managing-sso-to-office-365.aspx.


Answer accepted by question author

Anonymous
2016-02-01T02:34:18+00:00

Hi dirkverhagen123,

The “SupportMultipleDomain” parameter is not applied to the scenario you mentioned.

For your queries, to federate the coworkerstest.contoso.com domain, if it’s added before the root domain, then we can use the PowerShell cmdlet Convert-MsolDomainToFederated to convert the domain individually. However, if it’s added after the root domain, it will automatically inherit the authentication mechanism that is configured for the parent domain, which means it will only be changed to federated unless we convert the root domain first.

The “SupportMultipleDomain” parameter is used only when you have multiple root domains which you want to convert to federated with the same ADFS service.

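An added example (not part of the original thread and not Microsoft's code): a PowerShell check that shows which domains are roots and which inherit a parent's authentication, so the effect of converting a root is visible before running Convert-MsolDomainToFederated. The function name Get-DomainFederationPlan and the sample objects are constructed for illustration, and the code assumes the RootDomain property on Get-MsolDomain output is empty for a root and names the parent for a child.

```powershell
# Added example. Domain objects are expected in the shape Get-MsolDomain returns
# (Name, Status, Authentication, RootDomain).
function Get-DomainFederationPlan {
    param([Parameter(Mandatory)] [object[]] $Domains)

    foreach ($d in ($Domains | Sort-Object Name)) {
        # Assumption: RootDomain is empty for a root and names the parent for a child.
        $isChild = -not [string]::IsNullOrEmpty($d.RootDomain) -and ($d.RootDomain -ne $d.Name)

        [pscustomobject]@{
            Name           = $d.Name
            Authentication = $d.Authentication
            InheritsFrom   = if ($isChild) { $d.RootDomain } else { '' }
            # A child cannot be passed to Convert-MsolDomainToFederated on its own;
            # its authentication changes only when the root is converted.
            ConvertTarget  = if ($isChild) { $d.RootDomain } else { $d.Name }
        }
    }
}

# Constructed sample mirroring the question's tenant. RootDomain values are assumed
# from the answer: coworkerstest was added after contoso.com, coworkers before it.
$sample = @(
    [pscustomobject]@{ Name = 'coworkerstest.contoso.com'; Status = 'Verified'; Authentication = 'Managed';   RootDomain = 'contoso.com' }
    [pscustomobject]@{ Name = 'contoso.com';               Status = 'Verified'; Authentication = 'Managed';   RootDomain = '' }
    [pscustomobject]@{ Name = 'coworkers.contoso.com';     Status = 'Verified'; Authentication = 'Federated'; RootDomain = '' }
)

$plan = Get-DomainFederationPlan -Domains $sample
$plan | Format-Table -AutoSize

# Domains whose sign-in method would change if a given root were converted:
$plan | Group-Object ConvertTarget | ForEach-Object {
    '{0}: converting this root affects {1}' -f $_.Name, (($_.Group.Name | Sort-Object) -join ', ')
}

# Against a live tenant (after Connect-MsolService):
#   Get-DomainFederationPlan -Domains (Get-MsolDomain)
```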

  1. Anonymous
    2016-02-01T02:46:28+00:00

    Thanks very clear but;

    1) If top-level domain is federated and sub-domains also automatically federated can a top-level be converted back to standard without affecting the sub-domain federation?

    2) Are there known issues if we first add coworkerstest.contoso.com and federate it and later add contoso.com top-level domain and leave it standard?

    3) If we federate contoso.com will coworkerstest.contoso.com also be federated and if yes can we un-federate contoso.com top-level domain?
