AzureAD PowerShell brings support for federation in version 2.0.1.17 (Preview)

It took Microsoft several years after the release of the Azure AD PowerShell module to address the missing federation-related cmdlets. Now, with version 2.0.1.17 of the Azure AD Preview PowerShell module, we can finally manage federation. It is important to understand, however, that this module only exposes the analog of the Set-MsolDomainFederationSettings cmdlet, not of Convert-MsolDomainToFederated. This means you cannot run it directly on your AD FS servers and expect the corresponding relying party trust (RPT) and claim rules to be created; you will have to take care of that part manually.

Additionally, I haven’t been able to run the cmdlet successfully yet, as every combination I try results in an error. Of course, the documentation is non-existent at this point, but things should improve once the cmdlet makes it to the GA module. Just in case, here’s the only example I managed to dig up:

# Build the settings object that describes the on-premises federation service
$federationSettings = New-Object Microsoft.Open.AzureAD.Model.DomainFederationSettings
$federationSettings.ActiveLogOnUri = "https://adfs.com/adfs/ls"                      # WS-Trust endpoint used by rich clients
$federationSettings.IssuerUri = "http://adfs.com/adfs/services/trust"                # issuer value AD FS places in its tokens
$federationSettings.LogOffUri = $federationSettings.ActiveLogOnUri                   # sign-out endpoint
$federationSettings.FederationBrandName = "Contoso Misa1 US"                         # display name only
$federationSettings.MetadataExchangeUri = "http://adfs.com/FederationMetadata.xml"   # metadata location
$federationSettings.PassiveLogOnUri = $federationSettings.ActiveLogOnUri             # browser (WS-Fed/SAML) sign-in endpoint
$federationSettings.PreferredAuthenticationProtocol = "WsFed"
$federationSettings.SigningCertificate = "X509 signing public key"                   # token-signing certificate (placeholder)

New-AzureADExternalFederationDomain -ExternalDomainName "adfs.com" -FederationSettings $federationSettings
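As an added example (not from the original post or from Microsoft's documentation), here is the same settings object populated from a running AD FS farm instead of placeholder strings, so the issuer and token-signing certificate match what AD FS actually puts in its tokens. It assumes the ADFS module is available on the AD FS server, that SigningCertificate takes the base64 DER of the public certificate as Set-MsolDomainFederationSettings does (an assumption, since the cmdlet is undocumented), and it does not create the RPT or claim rules.

```powershell
# Added example: build DomainFederationSettings from live AD FS values.
# Assumes: run on an AD FS server with the ADFS module, AzureADPreview 2.0.1.17
# loaded and Connect-AzureAD already done. The SigningCertificate encoding
# (base64 DER, as for Set-MsolDomainFederationSettings) is an assumption.
Import-Module ADFS
Import-Module AzureADPreview

function New-FederationSettingsFromAdfs {
    param([Parameter(Mandatory)][string]$DomainName)

    $adfs   = Get-AdfsProperties
    $fsHost = $adfs.HostName                  # e.g. fs.contoso.com
    $issuer = [string]$adfs.Identifier        # e.g. http://fs.contoso.com/adfs/services/trust

    # Azure AD will validate tokens for this domain against this key, so it must be
    # the certificate AD FS currently signs with, not an expired or secondary one.
    $signing = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
    if (-not $signing) { throw "No primary token-signing certificate found" }
    if ($signing.Certificate.NotAfter -lt (Get-Date)) { throw "Primary token-signing certificate has expired" }
    if ($issuer -notlike "http://$fsHost/*") {
        Write-Warning "Issuer '$issuer' does not match host '$fsHost'; check Get-AdfsProperties"
    }
    $signingB64 = [Convert]::ToBase64String($signing.Certificate.RawData)

    $s = New-Object Microsoft.Open.AzureAD.Model.DomainFederationSettings
    $s.FederationBrandName             = $adfs.DisplayName
    $s.IssuerUri                       = $issuer
    $s.PassiveLogOnUri                 = "https://$fsHost/adfs/ls/"                                # browser sign-in
    $s.ActiveLogOnUri                  = "https://$fsHost/adfs/services/trust/2005/usernamemixed" # WS-Trust for rich clients
    $s.LogOffUri                       = "https://$fsHost/adfs/ls/"
    $s.MetadataExchangeUri             = "https://$fsHost/adfs/services/trust/mex"                # WS-Trust MEX endpoint
    $s.PreferredAuthenticationProtocol = "WsFed"
    $s.SigningCertificate              = $signingB64

    # Show what is about to be written to the tenant before applying it.
    $s | Format-List | Out-Host
    New-AzureADExternalFederationDomain -ExternalDomainName $DomainName -FederationSettings $s
}

# Usage (domain name is a placeholder):
# New-FederationSettingsFromAdfs -DomainName "contoso.com"
```

The endpoint paths are the standard AD FS ones; if the farm uses a custom configuration, take them from Get-AdfsEndpoint instead.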

I will make sure to update the article once I have more info.
