Nerdio Help Center

What is federation and a "Federated domain"?

In the case of a federated domain, when a user logs in to Office 365 their authentication request is forwarded to the ADFS server, which is the DC01 domain controller. This allows for a single place to control all authentication requests. If you disable an account or change a password, these changes take effect immediately and you don’t have to wait until an ADConnect synchronization is complete. ADFS allows single sign-on and a slightly better user experience since the user has to sign in fewer times.

If you have a managed domain, then authentication happens on the Microsoft site. The password must be synched up via ADConnect, using something called "password hash synchronization".

ADConnect can be running irrespective of whether you have federated the domain or not. ADConnect is how the user information gets from AD to Azure AD. In small environments we typically see people use managed, not federated domains.

Converting the domain from federated back to managed requires PowerShell scripting, and there is no automation in the NAP to help you with this. Here are the commands you’ll need to use: https://docs.microsoft.com/en-us/powershell/module/msonline/convert-msoldomaintostandard?view=azureadps-1.0
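As an added example (not Nerdio's own script), the conversion can be wrapped in a check of the domain's current authentication type before and after. It assumes the MSOnline module is installed and that it is run on the ADFS server (DC01); `contoso.com` and the password file path are placeholders.

```powershell
# Added example. Placeholders: replace the domain name and output path with your own.
$DomainName   = 'contoso.com'
$PasswordFile = 'C:\Temp\converted-users.txt'

Import-Module MSOnline
Connect-MsolService    # prompts for an Office 365 admin sign-in

# Check how the domain authenticates today: 'Federated' (ADFS) or 'Managed'.
$domain = Get-MsolDomain -DomainName $DomainName
Write-Host "$($domain.Name) is currently $($domain.Authentication)"

if ($domain.Authentication -eq 'Federated') {
    # Convert the domain and its users; user names and temporary
    # passwords for converted users are written to $PasswordFile.
    Convert-MsolDomainToStandard -DomainName $DomainName `
        -SkipUserConversion $false -PasswordFile $PasswordFile

    # Confirm the change took effect before telling users to sign in again.
    $after = Get-MsolDomain -DomainName $DomainName
    if ($after.Authentication -ne 'Managed') {
        throw "$DomainName still reports $($after.Authentication)"
    }
    Write-Host "$DomainName now uses managed authentication"
}
else {
    Write-Host "$DomainName is not federated; nothing to convert"
}
```

The password file contains temporary credentials, so restrict access to it and delete it once users have been notified.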
