So far in this series we have signed up for an Office 365 trial and installed ADFS 2.0 on the domain controller in the test lab. Read parts one and two of the series here. In this part, we will install and configure the Microsoft Online Services Module for Windows PowerShell, enable a domain for single sign-on, and set up Directory Sync in the Office 365 portal.
Download the Microsoft Online Services Module for PowerShell, 32-bit or 64-bit depending on the server you have. Run the setup file on the domain controller (in my lab ADFS 2.0 runs on the DC as well; that is a lab shortcut, and in production ADFS belongs on its own member server, not on a domain controller).
It is a standard install: accept the license, choose the install location, click Install and then Finish.
The next step is to connect to Office 365 with PowerShell and add or enable a domain for single sign-on. Launch the Microsoft Online Services Module. Store the Office 365 admin credentials in a variable by running $cred = Get-Credential.
Connect to Office 365 by running Connect-MsolService -Credential $cred.
Run Set-MsolAdfsContext -Computer "<internal ADFS 2.0 server FQDN>" to create a context that connects the module to ADFS. You do not need this command when ADFS 2.0 and the Online Services Module are installed on the same server, which is the case in my test lab, so I have skipped this step.
Run New-MsolFederatedDomain -DomainName "<domain name>", where the domain name is the public domain to be added and enabled for single sign-on. I am using rajith.me in Office 365 and had already added this domain, so I get the error below.
As the error explains, because the domain is already added in Office 365 I need to run Convert-MsolDomainToFederated -DomainName rajith.me instead. This converts the domain from managed (cloud password) authentication to federated authentication: every sign-in for rajith.me is now redirected to ADFS, and Office 365 trusts those sign-ins on the strength of the ADFS token-signing certificate that the command uploads to the tenant, so that certificate's private key must be guarded as carefully as a domain admin account. If you add a new domain with New-MsolFederatedDomain, the output includes the public DNS record you must create to prove that you own the domain.
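The whole SSO-enablement sequence above as one script, added here as an example and not code from the original post. It assumes the MSOnline module is installed on the machine where it runs, that $DomainName and $AdfsServer are filled in for your environment (the defaults reproduce the lab: rajith.me, module on the ADFS box itself), and it uses Get-MsolDomain to decide between New-MsolFederatedDomain and Convert-MsolDomainToFederated instead of waiting for the error. It finishes by reading back the federation settings so you can confirm the token-signing certificate the tenant now trusts is the one from your ADFS farm.

```powershell
# Added example, not from the original post. Assumptions: MSOnline module present,
# $DomainName and $AdfsServer set for your environment.
param(
    [string]$DomainName = 'rajith.me',         # public domain to federate (from the post)
    [string]$AdfsServer = $env:COMPUTERNAME     # internal ADFS 2.0 FQDN; lab default: this machine
)

Import-Module MSOnline -ErrorAction Stop

# 1. Authenticate to the tenant. Prompt for the global admin credential rather than
#    hard-coding it in the script.
$cred = Get-Credential -Message 'Office 365 global administrator'
Connect-MsolService -Credential $cred

# 2. Point the module at the ADFS server. Only required when the module runs on a
#    different box from ADFS; skipped when they are the same machine, as in the lab.
if ($AdfsServer -ne $env:COMPUTERNAME) {
    Set-MsolAdfsContext -Computer $AdfsServer
}

# 3. Choose the right cmdlet by inspecting the domain's current state in the tenant.
$domain = Get-MsolDomain -DomainName $DomainName -ErrorAction SilentlyContinue

if ($null -eq $domain) {
    # Not in the tenant yet: this adds it and prints the DNS record you must publish
    # before the domain is marked Verified.
    New-MsolFederatedDomain -DomainName $DomainName
}
elseif ($domain.Authentication -eq 'Federated') {
    Write-Host "$DomainName is already federated; nothing to change."
}
elseif ($domain.Status -ne 'Verified') {
    throw "$DomainName exists but is not verified; publish the ownership DNS record first."
}
else {
    # Already added and verified but still Managed: the error case from the post.
    Convert-MsolDomainToFederated -DomainName $DomainName
}

# 4. Read back what the tenant trusts. SigningCertificate is the base64 ADFS
#    token-signing certificate; anyone holding its private key can sign in as any
#    user of the domain, so compare the thumbprint against your ADFS farm.
$fed  = Get-MsolDomainFederationSettings -DomainName $DomainName
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList (,[Convert]::FromBase64String($fed.SigningCertificate))

"{0}`n  issuer URI           : {1}`n  passive logon URI    : {2}`n  signing cert thumb   : {3}`n  signing cert expires : {4}" -f `
    $DomainName, $fed.IssuerUri, $fed.PassiveLogOnUri, $cert.Thumbprint, $cert.NotAfter
```

Run it from the Microsoft Online Services Module shell on the ADFS server (or pass -AdfsServer with the internal FQDN when running elsewhere). The final thumbprint should match the token-signing certificate shown under Service > Certificates in the ADFS management console; if it does not, the tenant is trusting a key you did not expect.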
The next step is to enable Directory Sync in Office 365. Log in to Office 365 with the admin account, click "Users" on the left-hand side, then click "Setup" next to Active Directory synchronization.
Click "Activate" in step 3.
Confirm that you want AD sync to be activated.
It can take up to 24 hours for AD sync to be set up.
It took 4 hours in my case. We cannot progress until Office 365 shows "Active Directory synchronization is activated" in step 3.
This concludes part 3. Stay tuned for part 4!
Dear Sir,
I am following this guide and I am stuck on the following troubleshooting issue:
Set-HybridConfiguration
Completed
Exchange Management Shell command completed:
Set-HybridConfiguration -Features 'MoveMailbox','OnlineArchive','FreeBusy','Mailtips','MessageTracking','OwaRedirection','SecureMail','CentralizedTransport' -Domains 'postoffice.biz' -ClientAccessServers 'LABEX2','LABEX1' -TransportServers 'LABEX2','LABEX1' -ExternalIPAddresses '202.63.198.208/28' -OnPremisesSmartHost 'mail.postoffice.biz' -SecureMailCertificateThumbprint 'A6ACCF89D0EDD94578AD749AF8A0F467EA947625'
Elapsed Time: 00:00:04
Update-HybridConfiguration
Failed
Error:
Updating hybrid configuration failed with error 'Subtask Configure execution failed: Creating Organization Relationships.
Execution of the Set-FederatedOrganizationIdentifier cmdlet had thrown an exception. This may indicate invalid parameters in your Hybrid Configuration settings.
An error occurred while attempting to provision Exchange to the Partner STS. Detailed Information "An unexpected result was received from Windows Live. Detailed information: "1007 AccessDenied: Access Denied."."
at Microsoft.Exchange.Management.Hybrid.RemotePowershellSession.RunCommand(String cmdlet, Dictionary`2 parameters, Boolean ignoreNotFoundErrors)
'.
Additional troubleshooting information is available in the Update-HybridConfiguration log file located at C:\Program Files\Microsoft\Exchange Server\V14\Logging\Update-HybridConfiguration\HybridConfiguration_12_25_2012_13_5_32_634920375323417288.log.
Exchange Management Shell command attempted:
Update-HybridConfiguration -OnPremisesCredentials 'System.Management.Automation.PSCredential' -TenantCredentials 'System.Management.Automation.PSCredential'
Elapsed Time: 00:01:01
Sir, please tell me how I can fix this issue.
Tariq
Thanks
No probs. Part 4 will be online soon, sometime today ;)
You didn't use ADFS Proxy? For corporate users who are outside the office and using an office laptop to access their email on OWA.