Can’t convert domain to federated

I ran into an interesting problem setting up ADFS 2.1 on Windows Server 2012 for Office 365 federation. It is now a supported server OS for ADFS and Office 365 as long as you run the Azure Active Directory PowerShell. 

ADFS setup worked flawlessly and I set up the web certificate, etc. You can follow the ADFS 2.1 on Windows Server 2012 for Office 365 steps here now.

I went to convert my domain to federated in Azure Active Directory PowerShell (steps here) to set up a trust with Office 365, and it failed when I used the Convert-MsolDomainToFederated cmdlet. I received this error:



Convert-MsolDomainToFederated : Microsoft.Online.Administration.Automation.Iden
  At line:1 char:30
  + Convert-MsolDomainToFederated <<<<  -DomainName
     + CategoryInfo          : NotSpecified: (:) [Convert-MsolDomainToFederated
    ], FederationException
     + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.Ident
    ityInternalServiceException,Microsoft.Online.Identity.Federation.Powershell.ConvertDomainToFederated

I found a fix that resolved this. You must run this PowerShell cmdlet first:


Set-MsolPasswordPolicy -ValidityPeriod 90 -NotificationDays 10 -DomainName


After I ran that – waited about 20 minutes – then ran:


Convert-MsolDomainToFederated -DomainName

It went through without issue.


It would appear that your password policy must be set to 270 days or less or you cannot convert your domain to a federated domain.


Finally, you should run Get-MsolDomain to check that you are indeed federated for that domain.
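
The sequence above as one pre-flight script. This is an added example, not code from the original post; it assumes the MSOnline module is loaded and Connect-MsolService has already been run. The parameter names, and the choice to treat an unset validity period as needing the fix, are assumptions.

```powershell
# Added example (not from the original post).
# Assumes: MSOnline module loaded, Connect-MsolService already run,
# and the AD FS context available as in the linked setup steps.
param(
    [Parameter(Mandatory)] [string] $DomainName,  # your verified domain
    [int] $MaxValidityDays    = 270,  # limit reported in the post
    [int] $TargetValidityDays = 90,   # value used in the post
    [int] $NotificationDays   = 10,   # value used in the post
    [int] $WaitMinutes        = 20    # delay the author waited before converting
)

$ErrorActionPreference = 'Stop'

# Nothing to do if the domain is already federated.
$before = Get-MsolDomain -DomainName $DomainName
if ($before.Authentication -eq 'Federated') {
    Write-Output "$DomainName is already federated."
    return
}

# Inspect the current password policy before attempting the conversion.
$policy = Get-MsolPasswordPolicy -DomainName $DomainName
Write-Output ("Current policy: ValidityPeriod={0} NotificationDays={1}" -f `
    $policy.ValidityPeriod, $policy.NotificationDays)

# Assumption: an unset validity period is treated the same as one over the limit.
if (-not $policy.ValidityPeriod -or $policy.ValidityPeriod -gt $MaxValidityDays) {
    Set-MsolPasswordPolicy -DomainName $DomainName `
        -ValidityPeriod $TargetValidityDays -NotificationDays $NotificationDays
    Write-Output "Policy updated; waiting $WaitMinutes minutes before converting."
    Start-Sleep -Seconds ($WaitMinutes * 60)
}

Convert-MsolDomainToFederated -DomainName $DomainName

# Verify the result instead of trusting the absence of an error.
$after = Get-MsolDomain -DomainName $DomainName
if ($after.Authentication -ne 'Federated') {
    throw "$DomainName still reports Authentication=$($after.Authentication)."
}
Write-Output "$DomainName is now federated."
```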
