Video Walkthrough: Active Directory On-Premise ADFS Federation with Office 365.

A great post by Steve Plank on the TechNet blogs on how to Federate Office 365 with On-Premise AD.

How to set up IIS, ADFS 2.0, the Federation Config Tool and Office 365 Dirsync. The video starts with federated access and its setup. Shows how an existing user can use their AD credentials to log in to Office 365 entirely seamlessly; they hit CTRL-ALT-DEL and login to the machine, then when they go to Office 365 they are not prompted for the password because they have already logged in.

Then in Dirsync I do the setup so that you can create users and modify their attributes in AD and they automagically appear in Office 365 as federated accounts that you can use your AD credentials to log in to.

I’ll do a whiteboard flow of the protocols and how they work very soon, I just wanted to get the demo-video in place because so many folks have asked for it. I use the “magic of video editing” to avoid the confusion of error messages and to shorten the install-times of various components.

Complete setup details for federated identity access from on-premise AD to Office 365. from Steve Plank

Federated Identity:

The “Admin” account you need to use for the powershell commands that set up the ADFS server and the Microsoft Federation Gateway up in the cloud is not just any admin account. It needs to be the first admin account on the Office 365 system when the subscription is created.

There is a typo in the help files on the Microsoft Online portal ( The 3rd powershell command says:

Convert-MSOLDomainToconverFederated –DomainName <domain>”.

The part I’ve highlighted in red should be missed out completely – so the command becomes:

Convert-MSOLDomainToFederated –DomainName <domain>”.



Can only run on a 32-bit Server. I used Windows Server 2008 SP2. You can’t install it on a Domain Controller. Which means if you are going to set up a test-lab, you need a minimum of 2 machines: a DC (you could use for ADFS 2.0) and a member server for the Dirsync tool.

In my test environment I had:

Video Screencast: Complete setup details for federated identity access from on-premise AD to Office 365. – Plankytronixx – Site Home – MSDN Blogs 

Another “whiteboard video” that gives a quick overview of the flows of data and comes in as a handy reference to my previous video which showed how to set it all up when you want to federate your Acitve Directory with Office 365.

This video shows the browser case. I’ll do another when you use an Outlook client to access Office 365.

Whiteboard video: How ADFS and the Microsoft Federation Gateway work together up in the Office 365 Cloud. – Plankytronixx – Site Home – MSDN Blogs

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

No comments yet.

Leave a Reply

You must be logged in to post a comment.

Call Agile IT Now

(619) 292-0800

Visit Agile IT
Agile IT Office

Agile IT Headquarters
West Coast Sales Office
4660 La Jolla Village Drive, Suite 500
San Diego, CA 92122

Directions >

Network Operations & Support Center
4891 Pacific Highway, Suite 105
San Diego, CA, 92110

Directions >

North East Sales Office
250 Pehle Avenue, Suite 200
Saddle Brook, New Jersey

South East Sales Office
2202 N. West Shore Blvd
Tampa, Florida

Midwest Sales Office
60 E. Rio Salado Parkway, Suite 900
Tempe, Arizona
Intune Webcast by Agile IT

Intune Subscription Pricing

This Guy That Guy - Microsoft InTune Lighter Side

Compare Office 365 Subscription Pricing

Office 365 Webcast by Agile IT

Office 365 Success Stories

Microsoft Office 365 is at the forefront of productivity. For organizations of all sizes, Office 365 unites the familiar Microsoft Office desktop applications with the power of our most trusted productivity servers, into one connected online solution. No matter if you’re an entrepreneur just starting out or a multinational corporation connecting your employees across the globe, the best productivity tools are at your fingertips.

State of Minnesota – The executive branch of the State of Minnesota is made up of more than 70 agencies and employs 35,000 people. The State Office of Enterprise Technology (OET) provides services that improve government through the effective use of information technology. In 2010, OET decided to move the entire executive branch to the cloud-based services of Microsoft Office 365. With a hosted enterprise solution, IT staff can provide a highly reliable and secure platform while decreasing administration and costs.

Click here
to view case study.

Patagonia – Patagonia, a global provider of outdoor apparel and gear wanted a new solution for unified communications to help employees around the world work better together. The IT staff also needed to upgrade its aging messaging solution. Based on a pilot test of Office 365, Patagonia expects employees to communicate more effectively and make better design decisions. Patagonia also believes Office 365 will help it reduce IT costs, improve business continuity, and support its environmental initiatives.

Click here
to view case study.

Imagination Yoga – Imagination Yoga, which brings the benefits of yoga to children’s classrooms, struggled with communication among its owners. By adopting Microsoft Office 365, the company gained mobile access to email and calendar information, shared workspaces, and a centralized document repository. Imagination Yoga now runs more efficiently, can be more responsive, and is able to better focus on its mission to bring yoga to more children.

Click here
to view case study.

Traveler’s Haven - Travelers Haven is growing rapidly and wants to better coordinate employee activities. The company is testing Microsoft Office 365 and already finds it exceptionally useful in improving efficiency and communicating with remote employees. Once the whole staff is using Office 365, Travelers Haven expects to save 30 hours a day, avoid U.S.$100,000 annually in IT costs, and feel comfortable opening new offices around the United States.

Click here
to view case study

Intune Deep Dive

Active Directory (AD)
Active Directory (AD) is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems.
An AD domain controller authenticates and authorizes all users and computers in a Windows domain type network—assigning and enforcing security policies for all computers and installing or updating software.
SAML Endpoints
SAML 2.0 is a standard which ensures interoperability across identity providers and gives enterprises the freedom to choose a cloud providers without needing to worry about additional management.
Many Cloud services are SAML Endpoints. Some of the most well-known are are:
  • Google
  • Yahoo
  • Remedy
  • ZenDesk
  • Zoho
  • Zimbra
  • CIsco Webex

and many more.