Single sign-on (SSO) authentication for other SSO-enabled domains stops working after you run the convert-MSOLDomainToStandard cmdlet

You use the convert-MSOLDomainToStandard Windows PowerShell cmdlet in a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune to convert a single sign-on (SSO)-enabled domain to standard authentication in an Active Directory Federation Services (AD FS) implementation that supports multiple top-level domains. However, after you run the cmdlet, SSO authentication for the other SSO-enabled domains stops working.
The convert-MSOLDomainToStandard cmdlet removes the relying party trust entry in the AD FS Management Console on the AD FS server. To confirm that this is the cause of the issue that you're experiencing, follow these steps:
  1. Open the AD FS Management Console.
  2. In the left navigation pane, expand AD FS (2.0), expand Trust Relationships, and then expand Relying Party Trusts.
  3. Check whether the Microsoft Office 365 Identity Platform entry is listed in the center pane. If it's not listed, the relying party trust entry was removed.
Update the relying party trust information by using the steps in the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article:
2647048 How to update or repair the settings of a federated domain in Office 365, Azure, or Intune 
Still need help? Go to the Office 365 Community website or the Azure Active Directory Forums website.

Article ID: 2748507 - Last Review: 12/12/2014 09:52:00 - Revision: 15.0

Microsoft Azure cloud services, Microsoft Azure Active Directory, Microsoft Office 365, Microsoft Intune, CRM Online via Office 365 E Plans, Microsoft Azure Recovery Services, Office 365 Identity Management

  • o365 o365022013 o365m KB2748507