For organizations that have deployed Azure AD Connect and are synchronizing their on-premise identities to Azure AD, you may start off with setting up Password Synchronization and letting Azure AD handle your authentications instead of using Active Directory Federation Services (ADFS). However, there are many good reasons to implement ADFS, not just for security considerations but also for additional capabilities like enforcing Multi-Factor Authentication when end users are outside of the corporate network boundaries.

If your Azure AD tenant is currently set for Password Synchronization, I'd recommend looking into changing to Federated Authentication. Converting an Azure AD tenant to Federated Authentication is a fairly easy task. It requires some PowerShell knowledge and access to a Global Admin account. In this post, I've decided to share the script I normally use to accomplish the switch from Password Synchronization to Federated Authentication. Making this switch, though, requires that you've successfully deployed a functioning ADFS farm in your on-premise environment, which is not covered in this post.

Script

Below you'll find the script that I'm using when converting an Azure AD tenant from Password Synchronization to Federated Authentication. This script will first prompt for your Global Admin username and password, which is required in order to set up a connection to your tenant. Next, the ADFS context specified in the Computer parameter is set, and a couple of validation tests are performed in order to make sure that you're not attempting to convert an Azure AD tenant that's already set for Federated Authentication.

```powershell
# Load the Azure Active Directory (MSOnline) PowerShell module; stop if it is missing
try {
    Import-Module -Name MsOnline -ErrorAction Stop -Verbose:$false
}
catch {
    Write-Warning -Message "Unable to load the Azure Active Directory PowerShell module"
    break
}

# Get credentials for Microsoft Online Services
$Credentials = Get-Credential -Message "Enter the username and password for a Global Admin account:" -Verbose:$false

# Continue processing depending on whether credentials was specified or not
if ($Credentials -ne $null) {
    try {
        Write-Verbose -Message "Attempting to connect to Microsoft Online Services"
        Connect-MsolService -Credential $Credentials -ErrorAction Stop -Verbose:$false
    }
    catch {
        Write-Warning -Message "Unable to connect to Microsoft Online Services, error message was: $($_.Exception.Message)"
        break
    }
}
```
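The ADFS context and validation steps described above, written out as an added example that is not part of the post's own script. It assumes a session already opened with Connect-MsolService, and the `$Computer` and `$DomainName` parameter values are placeholders you replace with your own ADFS server and verified custom domain. The checks use the `Status` and `Authentication` properties returned by Get-MsolDomain, so a domain that is unverified or already federated is left untouched instead of having its trust re-pointed.

```powershell
# Added example (not the post's script): guarded conversion of a single domain
# to Federated Authentication. Assumes Connect-MsolService has already succeeded.
param(
    [string]$Computer   = "adfs01.corp.example",   # placeholder: primary ADFS server
    [string]$DomainName = "corp.example"           # placeholder: verified custom domain
)

# Point the MSOnline cmdlets at the ADFS farm that will become the identity provider
try {
    Set-MsolADFSContext -Computer $Computer -ErrorAction Stop
}
catch {
    Write-Warning -Message "Unable to set the ADFS context on $Computer, error message was: $($_.Exception.Message)"
    break
}

# Validation: the domain must exist, be verified, and still be 'Managed'.
# Converting a domain that is already 'Federated' re-points its trust and can lock users out.
$Domain = Get-MsolDomain -DomainName $DomainName -ErrorAction SilentlyContinue
if ($null -eq $Domain) {
    Write-Warning -Message "Domain $DomainName was not found in the tenant"
    break
}
if ($Domain.Status -ne "Verified") {
    Write-Warning -Message "Domain $DomainName is not verified (status: $($Domain.Status))"
    break
}
if ($Domain.Authentication -eq "Federated") {
    Write-Warning -Message "Domain $DomainName is already set for Federated Authentication, nothing to do"
    break
}

# All checks passed: convert the domain, then show the federation settings that were written
try {
    Convert-MsolDomainToFederated -DomainName $DomainName -ErrorAction Stop
    Get-MsolDomainFederationSettings -DomainName $DomainName |
        Select-Object FederationBrandName, IssuerUri, PassiveLogOnUri
}
catch {
    Write-Warning -Message "Conversion of $DomainName failed, error message was: $($_.Exception.Message)"
}
```

Run it from a PowerShell session where the MSOnline module is loaded and you are already connected; printing the federation settings afterwards gives you a quick way to confirm that IssuerUri and PassiveLogOnUri point at the ADFS farm you intended before any end user signs in through it.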