So far we have signed up for an Office 365 trial and installed ADFS 2.0 on the domain controller in the test lab. Read part one and two of the series here. In this part, we will install and configure the Microsoft Online Services Module for Windows PowerShell for single sign-on and set up Directory Sync in the Office 365 portal.
It is a standard install – accept the license, select the location, click install and finish.
The next step is to connect to Office 365 using PowerShell and add/enable a domain for single sign-on. Launch the Microsoft Online Services Module. Store the Office 365 admin credentials in a variable by running $cred = Get-Credential.
Connect to Office 365 by running Connect-MsolService -Credential $cred
Run Set-MsolAdfsContext -Computer "internal adfs 2.0 server fqdn" to create a context that connects you to ADFS. You don't have to run this command if ADFS 2.0 and the Online Services Module for PowerShell are installed on the same server. This is the case in my test lab and hence I have skipped this step.
Run New-MsolFederatedDomain -DomainName "domain name" where domain name is the domain to be added and enabled for single sign-on (the public domain name). I am using rajith.me in Office 365 and I have already added this domain. Hence, I will get the error below.
As the error explains, I need to run Convert-MsolDomainToFederated -DomainName rajith.me, as my domain is already added in Office 365. This command enables my domain for SSO. If you add a new domain using the command above (New-MsolFederatedDomain), the output will have instructions to create public DNS records to verify that you are the domain owner.
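The steps above can be combined into one script that checks whether the domain already exists before choosing between New-MsolFederatedDomain and Convert-MsolDomainToFederated, and then reads back the resulting federation settings so you can confirm they point at your ADFS server. This is an added example, not the author's script: the parameter names $DomainName and $AdfsServer are hypothetical, and Get-MsolDomain and Get-MsolDomainFederationSettings are cmdlets from the same module that the post itself does not use.

```powershell
# Added example (not from the original post).
# Run from the Microsoft Online Services Module shell.
param(
    [Parameter(Mandatory = $true)]
    [string]$DomainName,   # public domain to federate, e.g. rajith.me
    [string]$AdfsServer    # internal ADFS 2.0 FQDN; omit when running on the ADFS server itself
)

# Prompt for the Office 365 admin account rather than hard-coding it.
$cred = Get-Credential
Connect-MsolService -Credential $cred -ErrorAction Stop

# Only needed when ADFS 2.0 lives on a different server than this shell.
if ($AdfsServer) {
    Set-MsolAdfsContext -Computer $AdfsServer -ErrorAction Stop
}

# Look the domain up first instead of relying on the error from New-MsolFederatedDomain.
$domain = Get-MsolDomain -DomainName $DomainName -ErrorAction SilentlyContinue

if (-not $domain) {
    # Domain is new to the tenant: add it as federated and follow the DNS
    # ownership-verification instructions the cmdlet prints.
    New-MsolFederatedDomain -DomainName $DomainName
    Write-Warning "Create the public DNS record shown above to prove domain ownership."
    return
}

if ($domain.Authentication -eq 'Federated') {
    Write-Output "$DomainName is already federated; nothing to convert."
}
else {
    # Domain already exists as a standard (managed) domain: convert it for SSO.
    Convert-MsolDomainToFederated -DomainName $DomainName -ErrorAction Stop
}

# Read back what Office 365 now trusts. The URIs should match your ADFS
# federation service name; an unexpected issuer or endpoint here means
# sign-ins for this domain are being sent somewhere you did not intend.
Get-MsolDomain -DomainName $DomainName |
    Select-Object Name, Status, Authentication
Get-MsolDomainFederationSettings -DomainName $DomainName |
    Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri
```

Recording the federation settings at setup time also gives you a baseline to compare against later if the domain's sign-in behaviour changes unexpectedly.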
The next step is to enable Directory Sync in Office 365. Log in to Office 365 using the admin account, click on "Users" on the left-hand side, then click "Setup" next to Active Directory synchronization.
Click “Activate” on step 3.
Confirm that you want AD sync to be activated.
It will take up to 24 hours for AD sync to be set up.
It took 4 hours in my case. We can't progress until Office 365 shows "Active Directory synchronization is activated" in step 3.
This concludes part 3. Stay tuned for part 4!
UC Architect, Blogger, Husband & Dad. I have been in IT for the last 14 years, with interests in Active Directory, Exchange, Office 365 & Windows Azure. I am active on Experts Exchange & TechNet forums and I am a technical author for SearchExchange.