Set-MsolDomainAuthentication

Updated: July 30, 2015

Applies To: Azure, Office 365, Windows Intune

Note

  • The cmdlets were previously known as the Microsoft Online Services Module for Windows PowerShell cmdlets.

The Set-MsolDomainAuthentication cmdlet changes the domain authentication between standard identity and single sign-on. This cmdlet will only update the settings in ; typically the Convert-MsolDomainToStandard or Convert-MsolDomainToFederated cmdlet should be used instead.

Syntax

Set-MsolDomainAuthentication -Authentication <DomainAuthenticationType> -DomainName <string> [-ActiveLogOnUri <string>] [-DefaultInteractiveAuthenticationMethod <string>] [-FederationBrandName <string>] [-IssuerUri <string>] [-LogOffUri <string>] [-MetadataExchangeUri <string>] [-OpenIDConnectDisoveryEndpoint <string>] [-NextSigningCertificate <string>] [-PassiveLogOnUri <string>] [-SigningCertificate <string>] [-SupportsMFA <boolean>] [-TenantId <Guid>] [<CommonParameters>]

Parameters

    -ActiveLogOnUri <string>
        A URL that specifies the end point used by active clients when 
        authenticating with domains set up for single sign-on (also known as 
        identity federation) in Microsoft Office 365.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -Authentication <DomainAuthenticationType>
        The authentication type (managed/federated) of the domain. All users 
        created on this domain will have this authentication type.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -DomainName <string>
        The fully qualified domain name (FQDN) to update.
        
        Required?                    true
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -DefaultInteractiveAuthenticationMethod <string>
        Specifies the default interactive authentication method in the form of 
        a valid URI. 
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -FederationBrandName <string>
        The name of the string value shown to users when signing in to Office 
        365. We recommend that customers use something that is familiar to 
        them, such as "Contoso, Inc."
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -IssuerUri <string>
        The unique identifier of the domain in the Office 365 identity 
        platform derived from the federation server.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -LogOffUri <string>
        The URL clients are redirected to when they sign out of Office 365.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -MetadataExchangeUri <string>
        The URL that specifies the metadata exchange end point used for 
        authentication from rich client applications such as Lync Online.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -NextSigningCertificate <string>
        The next token signing certificate that will be used to sign tokens 
        when the primary signing certificate expires.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -OpenIDConnectDisoveryEndpoint <string>
        Specifies the OpenID Connect Discovery Endpoint of a security token 
        service (STS) of a federated identity provider. 
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -PassiveLogOnUri <string>
        The URL that web-based clients will be directed to when signing in to 
        Office 365.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -SigningCertificate <string>
        The current certificate used to sign tokens passed to the Office 365 
        identity platform.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -SupportsMFA <boolean>
        Indicates if the STS supports the Wauth parameter 
        https://schemas.microsoft.com/claims/multipleauthn and can issue the 
        claim https://schemas.microsoft.com/claims/authnmethodsreferences 
        specifying multi-factor authentication has been performed. 
        
        Required?                    false
        Position?                    named
        Default value                false
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    -TenantId <Guid>
        The unique ID of the tenant to perform the operation on. If this is 
        not provided, then the value will default to the tenant of the current 
        user. This parameter is only applicable to partner users.
        
        Required?                    false
        Position?                    named
        Default value                
        Accept pipeline input?       true (ByPropertyName)
        Accept wildcard characters?  false
        
    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        "get-help about_commonparameters".

Examples

The following examples demonstrate the usage of this cmdlet.

Example 1

The following command sets the domain's authentication type to managed (standard):

Set-MsolDomainAuthentication -Authentication Managed -DomainName Contoso.com

Example 2

The following commands convert the existing domain Contoso.com to use single sign-on. Notice the certificate is in Base-64 encoding:

convert-MsolDomainToFederated

$dom = "contoso.com"

$brand = "Contoso Ltd."

$ActiveSO = "https://adfs.contoso.com/adfs/services/trust/2005/usernamemixed"

$PLUri = "https://adfs.contoso.com/adfs/ls"

$IssuerUri = "https://adfs.contoso.com/adfs/services/trust"

$cert = "MIIEQzCCAyugAwIBAgIKYQm1CwAAAAAAEDANBgkqhkiG9w0BAQUFADBIMRMwEQYK"   # certificate value is truncated on this page

Set-MsolDomainAuthentication -DomainName $dom -FederationBrandName $brand -Authentication Federated -PassiveLogOnUri $PLUri -SigningCertificate $cert -IssuerUri $IssuerUri -ActiveLogOnUri $ActiveSO -LogOffUri $PLUri
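Because the cmdlet writes whatever endpoints and signing certificate it is given, it is worth validating values like those in Example 2 before applying them. The following is an added example, not part of the original documentation: the function name Test-FederationSetting, the -ExpectedHost parameter, the 30-day expiry threshold and the in-memory sample certificate are assumptions made for illustration, and the sample requires .NET Framework 4.7.2 or later for CertificateRequest.

```powershell
# Added example (not from the original page); function name and thresholds are assumptions.
function Test-FederationSetting {
    param(
        [Parameter(Mandatory)] [hashtable] $Settings,     # splat for Set-MsolDomainAuthentication
        [Parameter(Mandatory)] [string]    $ExpectedHost, # the federation server you operate
        [int] $MinDaysValid = 30
    )
    $problems = @()
    # Endpoints must be absolute HTTPS URLs on the expected host (IssuerUri is an identifier, not checked).
    foreach ($name in 'ActiveLogOnUri', 'PassiveLogOnUri', 'LogOffUri', 'MetadataExchangeUri') {
        if (-not $Settings.ContainsKey($name)) { continue }
        $uri = $null
        if (-not [Uri]::TryCreate([string]$Settings[$name], [UriKind]::Absolute, [ref]$uri)) {
            $problems += "$name is not an absolute URI"
        } elseif ($uri.Scheme -ne 'https') {
            $problems += "$name does not use https"
        } elseif ($uri.Host -ne $ExpectedHost) {
            $problems += "$name points at '$($uri.Host)', expected '$ExpectedHost'"
        }
    }
    # Certificates must be Base-64 encoded X.509 and not close to expiry.
    foreach ($name in 'SigningCertificate', 'NextSigningCertificate') {
        if (-not $Settings.ContainsKey($name)) { continue }
        try {
            $raw  = [Convert]::FromBase64String($Settings[$name])
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
        } catch {
            $problems += "$name is not a Base-64 encoded X.509 certificate"
            continue
        }
        if ($cert.NotAfter -lt (Get-Date).AddDays($MinDaysValid)) {
            $problems += "$name (thumbprint $($cert.Thumbprint)) expires $($cert.NotAfter.ToString('u'))"
        }
    }
    $problems
}

# Constructed input: an in-memory self-signed certificate with only 10 days of validity left.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=Constructed', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$b64 = [Convert]::ToBase64String($req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(10)).RawData)
$settings = @{
    DomainName = 'contoso.com'; Authentication = 'Federated'; SigningCertificate = $b64
    PassiveLogOnUri = 'http://adfs.contoso.com/adfs/ls'   # constructed mistake: plain http
}
$problems = @(Test-FederationSetting -Settings $settings -ExpectedHost 'adfs.contoso.com')
if ($problems.Count) { $problems | Write-Warning } else { Set-MsolDomainAuthentication @settings }
```

With the constructed input the check reports the plain-http sign-in URL and the near-expiry certificate, so Set-MsolDomainAuthentication is not called.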

See Also

Other Resources

Manage Azure Active Directory by using Windows PowerShell