Move ADFS service to a new server

microsoft-adfs


Upon moving from 2008 R2 ADFS 2.0 to ADFS 3.0 on 2012 R2 I stumbled into some issues.

I would like to share my solution for future reference:

One would think it would be enough to move the certificate, make the firewall changes and recreate the federation.

However, I could not get it to work for the life of me.

The solution was to set the Office 365 domain back to standard authentication and then federate the domain from scratch.

No user accounts or emails were harmed in the process. 🙂


So you need to install the Azure AD PowerShell module and the Microsoft Online Services Sign-in Assistant.
(If you will be using Azure AD Connect as well, the Sign-in Assistant is included in that install.)

Connect to your Office 365 tenant with Azure AD PowerShell (PS Remoting is needed because Set-MsolADFSContext opens a remote session to the ADFS server):
Enable-PSRemoting
Connect-MsolService

or, if you want to pass the credential explicitly:

$msolcred = Get-Credential
Connect-MsolService -Credential $msolcred


Revert the Office 365 domain to standard (managed) authentication. With -SkipUserConversion $true the user objects are left alone, so no temporary passwords are written to the password file:
Convert-MsolDomainToStandard -DomainName mydomain.com -PasswordFile pass.txt -SkipUserConversion $true

Reconfigure the federated domain against the new ADFS server:
Set-MsolADFSContext -Computer "FQDN of the new ADFS server"
Convert-MsolDomainToFederated -DomainName "domainname.com"
Update-MsolFederatedDomain -DomainName "domainname.com"

Check your settings:
Get-MsolFederationProperty -DomainName "domainname.com"

Also check your company information and the last DirSync time:
Get-MsolCompanyInformation

Test your Office 365 SSO settings with https://testconnectivity.microsoft.com

Run a test, be happy :)
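The same cutover as one end-to-end script, added here as an example and not part of the original post. It wraps the cmdlets above with the checks a practitioner would want before and after each step: it refuses to run unless the domain is currently Federated, confirms the domain reads Managed before re-federating, compares the federation properties Office 365 and ADFS report, and removes the password file afterwards (with -SkipUserConversion $true it stays empty, but it is still a credential file if user conversion were ever enabled). The parameter names $DomainName, $AdfsServerFqdn and $PasswordFile are the script's own; the MSOnline cmdlets, the Authentication property of Get-MsolDomain, the LastDirSyncTime property of Get-MsolCompanyInformation and the properties listed from Get-MsolFederationProperty are real, but treat the exact property set as something to verify against your module version.

```powershell
# Added example: end-to-end ADFS cutover for an Office 365 federated domain.
# Not the original post's code. Assumes the MSOnline module is installed and that
# this host can open a PS Remoting session to the new ADFS server.
param(
    [Parameter(Mandatory)] [string]$DomainName,      # e.g. mydomain.com
    [Parameter(Mandatory)] [string]$AdfsServerFqdn,  # FQDN of the new ADFS 3.0 server
    [string]$PasswordFile = (Join-Path $env:TEMP 'convert-pass.txt')
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService -Credential (Get-Credential -Message 'Office 365 global admin')

# 1. Only touch a domain that is actually federated right now.
$before = Get-MsolDomain -DomainName $DomainName
if ($before.Authentication -ne 'Federated') {
    throw "Domain $DomainName is '$($before.Authentication)', not Federated; nothing to revert."
}
Write-Host "Reverting $DomainName to standard authentication..."

# 2. Convert to standard. SkipUserConversion leaves user objects untouched, so
#    no temporary passwords are written to $PasswordFile.
Convert-MsolDomainToStandard -DomainName $DomainName -PasswordFile $PasswordFile -SkipUserConversion $true

$managed = Get-MsolDomain -DomainName $DomainName
if ($managed.Authentication -ne 'Managed') {
    throw "Conversion to standard did not take effect; domain is '$($managed.Authentication)'."
}

# 3. Point the MSOnline session at the new ADFS server and federate from scratch.
Write-Host "Federating $DomainName against $AdfsServerFqdn..."
Set-MsolADFSContext -Computer $AdfsServerFqdn
Convert-MsolDomainToFederated -DomainName $DomainName
Update-MsolFederatedDomain -DomainName $DomainName

# 4. Verify: the domain must be Federated again, and the trust details Office 365
#    holds must match what the ADFS server reports (one record per source).
$after = Get-MsolDomain -DomainName $DomainName
if ($after.Authentication -ne 'Federated') {
    throw "Federation did not take effect; domain is '$($after.Authentication)'."
}

$props = Get-MsolFederationProperty -DomainName $DomainName
$props | Format-List Source, IssuerUri, PassiveLogOnUri, TokenSigningCertificate

$thumbs = $props | ForEach-Object { $_.TokenSigningCertificate.Thumbprint } | Sort-Object -Unique
if ($thumbs.Count -ne 1) {
    Write-Warning "Token-signing certificate differs between ADFS and Office 365: $($thumbs -join ', ')"
}

# 5. Directory sync should still be running after the cutover.
$lastSync = (Get-MsolCompanyInformation).LastDirSyncTime
Write-Host "Last DirSync: $lastSync"
if ($lastSync -lt (Get-Date).AddHours(-3)) {
    Write-Warning 'Last directory sync is more than 3 hours old; check the sync server.'
}

# 6. The password file is a credential artifact if user conversion is ever enabled;
#    remove it whether or not anything was written to it.
if (Test-Path $PasswordFile) { Remove-Item $PasswordFile -Force }
Write-Host 'Cutover complete. Run the SSO test at https://testconnectivity.microsoft.com'
```

Run it as `.\Move-AdfsFederation.ps1 -DomainName mydomain.com -AdfsServerFqdn adfs.corp.example` from a host that can reach both the tenant and the new ADFS server. The thumbprint comparison is the check that matters most after a server move: if Office 365 still holds the old server's token-signing certificate, Update-MsolFederatedDomain did not push the new metadata and sign-ins will fail.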
