I have a federated domain in Office 365, and I would like to remove the federation configuration and make it a standard domain again, using password hash sync.
AAD Connect is already installed, configured, and syncing my passwords. I also have ADFS servers. So, once I remove the federation configuration from my domain in Office 365, my AD password should work and I should be able to connect to Office 365. That is not quite a true statement. You need to be very careful, because converting the domain means that you are converting the users' identities too.
These are not two different jobs. It is one combined job, so it has to be done together. Once you convert the domain, you will create a temporary password for everyone. It can be overwritten via AAD Connect.
By the way, I need to highlight a very important thing: you need to do this from the ADFS server. Otherwise it will complain.
I connected to Office 365 via PowerShell to see my domain status.
The command to see which domains are registered to Office 365 is “Get-MsolDomain”.
Name                                   Status   Authentication
----                                   ------   --------------
insme.com.au                           Verified Federated
sonatyaylalidemo.onmicrosoft.com       Verified Managed
sonatyaylali.com                       Verified Managed
sonatyaylalidemo.mail.onmicrosoft.com  Verified Managed
As you can see above, one of my domains is federated.
It is time to convert it with the following command: “Convert-MsolDomainToStandard -DomainName insme.com.au -PasswordFile c:\temp\pass.txt -SkipUserConversion $false”
Result:
Please wait while the system converts users to standard Microsoft Online Services identities. This involves setting a temporary password on converted users.
This conversion process can take a while.
Successfully updated 'insme.com.au' domain.
After converting the domain successfully, I ran a full sync, and I am able to log in to Office 365 with my AD password without ADFS:
Start-ADSyncSyncCycle -PolicyType Initial
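
A post-conversion check for the steps above, as an added example that is not part of the original post: it locks down the password file (which records the converted users and their temporary passwords), confirms the domain now reports Managed, and confirms password hash sync is enabled for the tenant. The function name Confirm-ManagedConversion and its parameters are hypothetical; it assumes the MSOnline module is loaded and Connect-MsolService has already been run.

```powershell
# Added example (not from the original post). Confirm-ManagedConversion is a
# hypothetical helper name; the defaults are the values used in the post.
function Confirm-ManagedConversion {
    param(
        [string]$DomainName   = 'insme.com.au',
        [string]$PasswordFile = 'C:\temp\pass.txt',
        [switch]$RemovePasswordFile   # use only after the full sync and a test login
    )

    # 1. The password file lists converted users with their temporary passwords.
    #    Drop inherited permissions and leave access to the current user and
    #    the local Administrators group (well-known SID S-1-5-32-544) only.
    if (Test-Path -LiteralPath $PasswordFile) {
        $me = "$env:USERDOMAIN\$env:USERNAME"
        icacls $PasswordFile /inheritance:r /grant:r "${me}:F" "*S-1-5-32-544:F" | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Could not restrict access to $PasswordFile" }
    }

    # 2. The domain must no longer be federated.
    $domain = Get-MsolDomain -DomainName $DomainName
    if ("$($domain.Authentication)" -ne 'Managed') {
        throw "$DomainName still reports '$($domain.Authentication)' authentication"
    }

    # 3. Password hash sync must be enabled for the tenant, otherwise the
    #    temporary passwords set by the conversion are never overwritten.
    $company = Get-MsolCompanyInformation
    if (-not $company.PasswordSynchronizationEnabled) {
        throw 'Password synchronization is not enabled for this tenant'
    }

    # 4. Once AD passwords work, the temporary passwords are no longer needed.
    if ($RemovePasswordFile -and (Test-Path -LiteralPath $PasswordFile)) {
        Remove-Item -LiteralPath $PasswordFile -Force
    }

    # Summary object for the change record.
    [pscustomobject]@{
        Domain               = $domain.Name
        Authentication       = "$($domain.Authentication)"
        PasswordSyncEnabled  = $company.PasswordSynchronizationEnabled
        LastPasswordSyncTime = $company.LastPasswordSyncTime
        PasswordFilePresent  = Test-Path -LiteralPath $PasswordFile
    }
}
```

Run it once right after the conversion, then again with -RemovePasswordFile after the full sync has finished and a test user has logged in with their AD password.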