
Convert-MsolDomainToStandard

Published: March 22, 2013

Updated: January 21, 2014

Applies To: Office 365, Windows Azure, Windows Intune

Note
  • This topic provides online help content for cloud services, such as Windows Intune and Office 365, which rely on Windows Azure Active Directory for identity and directory services.

  • The Windows Azure Active Directory Module for Windows PowerShell cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.

The Convert-MsolDomainToStandard cmdlet converts the specified domain from single sign-on (also known as identity federation) to standard authentication. This process also removes the relying party trust settings in the AD FS server and online service. After the conversion, this cmdlet will convert all existing users from single sign-on to standard authentication. Any existing user who was configured for single sign-on will be given a new temporary password as part of the conversion process. Each converted user name and new temporary password will be recorded in a file for reference by the administrator. The administrator can then distribute the new temporary password to each converted user to enable the user to sign in to the online service.

Convert-MsolDomainToStandard -DomainName <string> -PasswordFile <string> -SkipUserConversion <Boolean> [-Confirm] [-WhatIf] [<CommonParameters>]
    -DomainName <string>
        The domain name to convert from single sign-on (also known as identity 
        federation) to standard authentication.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false
        
    -PasswordFile <string>
        The file where converted users' user names and temporary passwords 
        will be recorded.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false
        
    -SkipUserConversion <Boolean>
        If set to True, users will not be converted as part of the operation. 
        Administrators can run the cmdlet again to convert users at a later 
        date.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false
        
    -Confirm [<SwitchParameter>]
        Prompts you for confirmation before executing the command.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false
        
    -WhatIf [<SwitchParameter>]
        Describes what would happen if you executed the command without 
        actually executing the command.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       false
        Accept wildcard characters?  false
        
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "get-help about_commonparameters".

You will require a connection to both the AD FS server and the Microsoft Online Services domain before the command can be run successfully. The following command removes the relying party trust information from the Microsoft Federation Gateway and the on-premises AD FS. In the command, contoso.com is the Microsoft Online Services domain name. The -PasswordFile parameter indicates the path of the text file that contains the newly created temporary password of each formerly federated user's account. The password file is created automatically and the passwords are set randomly. Open the c:\userpasswords.txt file to see the passwords that were created for each user.

Convert-MsolDomainToStandard -DomainName contoso.com -SkipUserConversion $false -PasswordFile c:\userpasswords.txt

Warning
If the -SkipUserConversion:$true parameter is used, a password file is not generated. In this case, the associated user accounts cannot be used until one of the following occurs:

  1. The domain is converted back to use federated authentication by using the Convert-MsolDomainToFederated cmdlet

  2. Each user account is converted to use standard authentication by using the Convert-MsolFederatedUser cmdlet
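
Because the password file holds every converted user's name and temporary password in readable form, the location it is written to matters. The following is an added example, not part of the original Microsoft topic: it prepares an access-restricted directory for the file, previews the conversion with -WhatIf, runs it, and checks the result. The AD FS server name and working directory are hypothetical, and the example assumes the Authentication property returned by Get-MsolDomain reports Managed or Federated.

```powershell
# Added example (not from the original topic). Hypothetical values are marked.
$DomainName   = 'contoso.com'
$AdfsServer   = 'adfs01.contoso.com'     # hypothetical primary AD FS server
$WorkDir      = 'C:\MsolConversion'      # hypothetical working directory
$PasswordFile = Join-Path $WorkDir 'userpasswords.txt'

# 1. Create a fresh directory and lock it down BEFORE any password is written.
if (Test-Path $WorkDir) { throw "$WorkDir already exists; use a new, empty directory." }
New-Item -ItemType Directory -Path $WorkDir | Out-Null

$acl = Get-Acl -Path $WorkDir
$acl.SetAccessRuleProtection($true, $false)   # stop inheritance, discard inherited ACEs
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
foreach ($identity in @($me, 'NT AUTHORITY\SYSTEM')) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $WorkDir -AclObject $acl

# 2. Connect to the online service and point the module at the AD FS server.
Connect-MsolService                          # prompts for tenant administrator credentials
Set-MsolADFSContext -Computer $AdfsServer    # needed when not running on the AD FS server itself

# 3. Preview the change; nothing is modified and no passwords are issued.
Convert-MsolDomainToStandard -DomainName $DomainName -SkipUserConversion $false `
    -PasswordFile $PasswordFile -WhatIf

# 4. Run the conversion. Users receive new temporary passwords, recorded in $PasswordFile.
Convert-MsolDomainToStandard -DomainName $DomainName -SkipUserConversion $false `
    -PasswordFile $PasswordFile

# 5. Confirm the domain no longer uses federated authentication.
$auth = (Get-MsolDomain -DomainName $DomainName).Authentication
if ($auth -ne 'Managed') { Write-Warning "Domain $DomainName still reports '$auth'." }

# 6. Confirm the file exists and review who can read it before distributing passwords.
if (Test-Path $PasswordFile) {
    (Get-Acl -Path $PasswordFile).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

# 7. After every user has received a temporary password, delete the file.
#    Remove-Item does not overwrite the data on disk.
# Remove-Item -Path $PasswordFile
```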

© 2014 Microsoft. All rights reserved.