none
Converting domain to standard RRS feed

  • Question

  • When running Convert-MsolDomainToStandard it tells me "When converting domains, please sign in using the initial company administrator credentials (user name and password)"

    Why is this as i am using a login from a seperate federated domain. 

    Also just to check, if i run the above command against a specific domain, it will only convert users who have that specific UPN? We have 3 federated domains but i only want one to be convered to standard. 



    • Edited by greengary81 Thursday, November 12, 2015 12:42 PM
    Thursday, November 12, 2015 12:42 PM

All replies

  • Hello,

    While using the Convert-MsolDomainToStandard cmdlet, you would need to sign in with the credentials of the company administrator of the domain that you are going to convert.

    Also, when you want to convert one of the three federated domains, you need to specify the domain you are converting in the string

    Syntax:

    Convert-MsolDomainToStandard -DomainName <string> [-Confirm] [-WhatIf] [<CommonParameters>]

    Hope this helps.

    Regards,

    Neelesh


    Friday, November 13, 2015 7:08 AM
    Moderator
  • Hi, I didnt know which "company administrator" so i created a new global admin with the onmicrosoft.com address. That worked. Unfortunately conver-msoldomain deleted my relaying party trust, so the knocked out ADFS access for the other 2 domains. In addition it did not convert all the users, it crashed half way through, twice.  

    Gary Kane

    Friday, November 13, 2015 6:02 PM
  • Hi, 

    The domain's that you currently have verified against Azure AD is there a single root domain with 2 sub-domains or/ do you have 3 separate root domains? If you run the command

    Get-MsolDomain | Select Name, Status, Authentication, RootDomain

    If the three domain's returned all have no value for 'Root Domain' then by specifying a single domain will mean that it only converts that domain & users in that namespace. 

    If you have domains that return a value for 'Root Domain' that namespace value means that domain name is attached to that root meaning if you make any changes to that root domain it will also affect the sub domain namespaces. 

    If you are going to converting these users to 'Managed' long term then you should ensure you do not -skipuserconversion and that this parameter is set to $false. 

    If as you state, failed to convert all of the users then if you run the following command it will re-attempt to convert the users from federated to managed. 

    Get-MsolUser -DomainName contoso.com | Convert-MsolFederatedUser

    I hope that helps, 

    Regards, 

    James. 


    Senior Escalation Engineer | Azure AD Identity & Access Management

    Saturday, November 14, 2015 6:07 AM