In this Article, we will see how to convert the Federated domain which is using the ADFS Authentication using against the On-premises Active Directory to Managed Authentication against Azure Active Directory(AAD). ADFS Authentication is Token Based Authentication and it is very secured Authentication wherein it has some limitation as it is required Web Application Proxy(WAP) Setup to allow the users to get authenticated from the internet connected. For Part 2, How to convert Federated domain to Managed Domain(Password Hash Sync(PHS))-Part 2
ADFS Authentication has some limitations and it is time consuming process. Many organizations will prefer ADFS Authentication since they don’t want to sync the passwords to Azure AD. wherein the Azure AD authentication is very fast and secured. It removes the Dependency of On-premises.
For ADFS Based Authentication, Refer Part 1, Part 2, Part 3, Part 4 For Pass-Through Authentication(PTA) installation and Configuration, Refer the Article
To convert to Managed domain, We need to do the following tasks, 1. Enable the Password sync using the AADConnect Agent Server 2. Sync the Passwords of the users to the Azure AD using the Full Sync 3. Convert the domain from Federated to Managed 4. check the user Authentication happens against Azure AD
Let’s do it one by one,
1. Enable the Password sync using the AADConnect Agent Server.
Login to AADConnect Server, Open Azure AD Conenct. Ensure Sync is not in progress, if it is in progress ensure that Sync Cycle is completed and open the AAD Connect
Click on Configure
Select Customize Synchronization Options and Click on Next
Enter Office365 Global Admin Credentials, Ideally it should be created in the Office365 tenant and enabled with Global Administrator, ID should be like administrator@domainname.onmicrosoft.com.
Ensure on-premises domain is selected and Click on Next
You can customize the Sync OUs to the Cloud, Since we are enabling the Password sync, ignore changing the exiting configuration and Click on Next
In Optional Features, Select Password Synchronization and click on Next
Click on Next as we are not focusing the Directory Extentions,
Click on configure to complete the configuration
2. Sync the Passwords of the users to the Azure AD using the Full Sync
Now the Configuration has been completed. Click on Exit. Once the configuration has been completed, We need to initiate using the command,
Start-ADSyncSyncCycle -PolicyType initial
You can see the below events started Syncing to Azure AD.
You can troubleshoot Password sync using the Command,
Invoke-adsyncdiagnostics
