.png)
Convert-MsolDomainToStandard
Published: March 22, 2013
Updated: April 19, 2013
Applies To: Office 365, Windows Intune
 Note |
|---|
|
The Convert-MsolDomainToStandard cmdlet converts the specified domain from single sign-on (also known as identity federation) to standard authentication. This process also removes the relying party trust settings in the AD FS server and online service. After the conversion, this cmdlet will convert all existing users from single sign-on to standard authentication. Any existing user who was configured for single sign-on will be given a new temporary password as part of the conversion process. Each converted user name and new temporary password will be recorded in a file for reference by the administrator. The administrator can then distribute the new temporary password to each converted user to enable the user to sign in to the online service.
Syntax
Convert-MsolDomainToStandard -DomainName <string> -PasswordFile <string> -SkipUserConversion <Boolean> [-Confirm] [-WhatIf] [<CommonParameters>]
Parameters
-DomainName <string>
The domain name to convert from single sign-on (also known as identity
federation) to standard authentication.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-PasswordFile <string>
The file where converted users' user names and temporary passwords
will be recorded.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SkipUserConversion <Boolean>
If set to True, users will not be converted as part of the operation.
Administrators can run the cmdlet again to convert users at a later
date.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before executing the command.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Describes what would happen if you executed the command without
actually executing the command.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer and OutVariable. For more information, type,
"get-help about_commonparameters".
Examples
You will require a connection to both the AD FS server and the Microsoft Online Services domain before the command can be run successfully. This following command removes the relying party trust information from the Microsoft Federation Gateway and the on-premises AD FS. In the command, contoso.com is the Microsoft Online Services domain name. The -PasswordFile parameter indicates the path of the text file that contains the newly created temporary password of each formerly-federated user’s account. The password file is created automatically and the passwords are set randomly. Open the c:\userpasswords.txt file to see the passwords that were created for each user.
Convert-MSOLDomainToStandard –DomainName contoso.com -SkipUserConversion $false -PasswordFile c:\userpasswords.txt
 Warning |
|---|
If the -SkipUserConversion:$true parameter is used, a password file is not generated. In this case, the associated user accounts cannot be used until one of the following occurs: by using the Convert-MSOLDomainToFederated cmdlet.
|
Additional Resources
There are several other places you can get more information and help. These include:
See Also
