Hi,
We have had an ADFS deployment in place for almost a year now and have started to get the certificate warning messages. I have checked the process from the link in the email and it seems pretty straight forward, however before I attempted runt he update I thought i would check a couple of things out first:
To manually update trust properties, follow these steps.
| Note: |
|---|
| If you need to support multiple top-level domains, such as contoso.com and fabrikam.com, you must use the SupportMultipleDomain switch with any cmdlets. For more information, see Support for Multiple Top Level Domains. |
Open the Microsoft Online Services Module for Windows PowerShell.
Run
$cred=Get-Credential. When this cmdlet prompts you for credentials, type your Office 365 administration account credentials.Run
Connect-MsolService -Credential $cred. This cmdlet connects you to Office 365. Creating a context that connects you to Office 365 is required before running any of the additional cmdlets installed by the tool.Run
Set-MSOLAdfscontext -Computer <AD FS 2.0 primary server>, where <AD FS 2.0 primary server> is the internal FQDN name of the primary AD FS 2.0 server. This cmdlet creates a context that connects you to AD FS 2.0.Note: If you have installed the Microsoft Online Services Module on the primary AD FS 2.0 server, then you do not need to run this cmdlet. Run
Update-MSOLFederatedDomain -DomainName <domain>. This cmdlet updates the settings from AD FS 2.0 into Office 365 and configures the trust relationship between the two.
Running the update in step 5 seems to only synchronise AD and O365, does it generate a new certificate as well as this is not clear from the instructions?, also I tried to Add a token signing certificate on our primary ADFS server and got a message telling me that the auto certificate rollover feature is enabled and requires disabling in order to add a cert.
I have 10 days left before they run out so want to get on it sooner rather than later but could do with some guidance?
Any help?
Regards
Drac
