ADFS migration – part 1 – intro


It is the cloud age, and as a Microsoft fan I use and work with Office 365 and Azure (a little), so I wanted to post a guide about the keystone of cloud and on-premise authentication: ADFS. As you probably know, Microsoft has so far released several versions of ADFS, and upgrading is not so easy, especially when Office 365 is involved.

Versions released:

  • ADFS 1.0 (Windows Server 2003)
  • ADFS 1.1 (Windows Server 2008)
  • ADFS 2.0 (Windows Server 2008 R2)
  • ADFS 2.1 (Windows Server 2012)
  • ADFS 3.0 (Windows Server 2012 R2)

I will write articles about the upgrade path ADFS 2.0 -> 2.1 -> 3.0.

Prerequisites:

  • 3rd party trusted certificate with host name of ADFS service published in external DNS (in my case *.salonovi.cz by Comodo)
  • Office 365 tenant with verified domains (I use tenant zbycha.onmicrosoft.com with verified domain salonovi.cz)
  • ADFS servers and AADSync to synchronize identities from on-premise to cloud.

As this is the intro part of the series, let me use it to show how to connect to multiple Office 365 customers. It is easy, and if you need more security, do not fill in the passwords but use Get-Credential instead.

function Open-Office365Session () {
    # Each entry: menu index, display name, admin UPN, password
    # (stored in plain text here; see the note above about Get-Credential)
    $customers = @()
    $customers += (,("0","Cust1","admin@cust1.onmicrosoft.com","Passwordstring"))
    $customers += (,("1","Cust2","admin@cust2.onmicrosoft.com","Passwordstring"))
    $customers += (,("2","Cust3","admin@cust3.onmicrosoft.com","Passwordstring"))

    # Print the menu and read the chosen index
    Write-Host "Configured customers:" -ForegroundColor DarkYellow
    foreach ($cust in $customers) { Write-Host "$($cust[0]) - $($cust[1])" }
    Write-Host "Select customer to connect:" -ForegroundColor Green
    $selection = Read-Host
    $usr  = "$($customers[$selection][2])"
    $pass = "$($customers[$selection][3])"

    # Build the credential object and open the Exchange Online remote session
    $psw  = ConvertTo-SecureString -Force -AsPlainText -String "$($pass)"
    $cred = New-Object System.Management.Automation.PSCredential ($usr, $psw)
    $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $s

    # Connect the MSOnline (Azure AD) module with the same credential
    Import-Module MSOnline
    Connect-MsolService -Credential $cred
}

Save it to your profile PS1 file: C:\Users\<username>\Documents\WindowsPowershell\Microsoft.PowerShell_profile.ps1

To run the function, open a new PowerShell session every time you want to connect to Office 365, type Open-Office365Session and pick the number you want from the menu.
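The Get-Credential variant mentioned above, as an added example that is not part of the original post: the profile keeps only tenant names and admin UPNs (placeholder values below), the menu choice is validated before it is used as an index, and the password is prompted for each time so it never sits in the .ps1 file.

```powershell
# Added example: same menu as Open-Office365Session, without stored passwords.
function Open-Office365SessionSecure {
    # Tenant list: display name and admin UPN only. Values are placeholders.
    $tenants = @(
        @{ Name = "Cust1"; Admin = "admin@cust1.onmicrosoft.com" },
        @{ Name = "Cust2"; Admin = "admin@cust2.onmicrosoft.com" },
        @{ Name = "Cust3"; Admin = "admin@cust3.onmicrosoft.com" }
    )

    Write-Host "Configured customers:" -ForegroundColor DarkYellow
    for ($i = 0; $i -lt $tenants.Count; $i++) {
        Write-Host "$i - $($tenants[$i].Name)"
    }

    # Validate the menu choice instead of indexing with whatever was typed.
    $selection = Read-Host "Select customer to connect"
    $index = 0
    if (-not [int]::TryParse($selection, [ref]$index) -or
        $index -lt 0 -or $index -ge $tenants.Count) {
        Write-Warning "Invalid selection '$selection'."
        return
    }
    $tenant = $tenants[$index]

    # Prompt for the password; it exists only as a SecureString in memory.
    $cred = Get-Credential -UserName $tenant.Admin -Message "Password for $($tenant.Name)"
    if ($null -eq $cred) { return }   # user cancelled the prompt

    # Exchange Online remote session (same endpoint as the original function).
    $s = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri https://ps.outlook.com/powershell `
        -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $s | Out-Null

    # Azure AD (MSOnline) connection with the same credential.
    Import-Module MSOnline
    Connect-MsolService -Credential $cred
}
```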

That's it. I have prepared the Office 365 tenant, I have ADFS servers and a 3rd party trusted certificate, and I can start working on identity sync between on-premise and Office 365 using AADSync. The latest AAD Sync can be downloaded from the following link:

http://www.microsoft.com/en-us/download/details.aspx?id=44225
