How to convert Office 365 from SSO to Managed
If your ADFS is removed for any reason before Office 365 SSO is turned off and ADFS is not restored your users will not be able to log in. If you don’t have time or plan to restore ADFS services Office 365 will need to be converted back to a managed state in order users to log on. To convert Office 365 from SSO to managed do the following.
Connect to Office 365 with online powershell
- Download and install at http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh124998.aspx
- Run $cred=Get-Credential. When the cmdlet prompts you for credentials, type your Office 365 administration account credentials.
- Run Connect-MsolService -Credential $cred. This cmdlet connects you to Office 365.
Convert Domain from a federated domain to a managed domain
SetMsolDomainauthentication –Authentication Managed –DomainName “domainaname”
To verify your domain is converted run
- Get-MsolDomain –DomainName “domainaname”
Convert user to managed and change password
Once the domain is converted each user needs to be converted as well
To get a list of users that need converted run
- Get-msoluser–domainname “domainname”
Then convert them 1 by 1
- Convert-MsolFederatedUser –UserPrincipalName “name”
Or all of them at once with
- Get-msoluser –domainname “domainname” -MaxResults “Pick a number larger then the amount of accounts you have” | Convert-MsolFederatedUser
When the user is converted the Password is lost and needs to be set
Reset passwords 1 by 1 with
- Set-MsolUserPassword –UserPrincipalName “name” –NewPassword “password” –ForcechangePassword $true
Or all of users at once with
- Get-Msoluser –domainname “domainname” | Set-MsolUserPassword –NewPassword “password” –ForcechangePassword $true
Your users should now be able to log back in and be forced to change their password at 1st log in.
To learn more about Office 365 or for more information, please visit our Office 365 page and fill out the “Request Information” form.