You use the Convert-MsolDomainToStandard Windows PowerShell cmdlet in a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune to convert a single sign-on (SSO)-enabled domain to standard authentication in an Active Directory Federation Services (AD FS) implementation that supports multiple top-level domains. However, after you run the cmdlet, SSO authentication for the other SSO-enabled domains stops working.
The Convert-MsolDomainToStandard cmdlet removes the relying party trust entry in the AD FS Management Console on the AD FS server. To confirm that this is the cause of the issue that you're experiencing, follow these steps:
- Open the AD FS Management Console.
- In the left navigation pane, expand AD FS (2.0), expand Trust Relationships, and then expand Relying Party Trusts.
- Check whether the Microsoft Office 365 Identity Platform entry is listed in the center pane. If it's not listed, the relying party trust entry was removed.
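The same check can be scripted on the AD FS server. The following is an added example, not part of the original article; it assumes an elevated PowerShell session and, for the optional domain listing, that the MSOnline module is installed and `Connect-MsolService` has already been run.

```powershell
# Added example: scripted version of the console check described above.
# Display name of the trust, taken from the steps above.
$trustName = 'Microsoft Office 365 Identity Platform'

# AD FS 2.0 ships its cmdlets as a snap-in; later versions ship an ADFS module.
if (Get-PSSnapin -Registered -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue) {
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
} else {
    Import-Module ADFS -ErrorAction Stop
}

# Returns nothing when no relying party trust has this name.
$trust = Get-AdfsRelyingPartyTrust -Name $trustName

if ($null -eq $trust) {
    Write-Warning "Relying party trust '$trustName' is missing on this AD FS server."

    # Assumption: MSOnline is installed and the session is already connected.
    # Lists the domains that are still federated and therefore still need the trust.
    if (Get-Command Get-MsolDomain -ErrorAction SilentlyContinue) {
        Get-MsolDomain -Authentication Federated |
            Select-Object Name, Status, Authentication
    }
} else {
    # Trust is present: show whether it is enabled and which identifiers it carries.
    $trust | Select-Object Name, Enabled, Identifier
}
```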
Update the relying party trust information by using the steps in the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article:
2647048 How to update or repair the settings of a federated domain in Office 365, Azure, or Intune
Article ID: 2748507 - Last Review: Dec 16, 2016 - Revision: 1
Microsoft Azure Cloud Services, Microsoft Azure Active Directory, Office 365, Microsoft Intune, CRM Online via Office 365 E Plans, Microsoft Azure Recovery Services, Office 365 Identity Management