Powershell script for Office365 Federation

This script helps you

• To add a new domain and federate with your on-premise ADFS server.
• To federate your existing Office365 domain.  

Requirement

• You need to run this script from the ADFS box which will federate with Office365.
• Basic idea of how to add a TXT entry to your hosting provider, for more info refer https://onlinehelp.microsoft.com/en-us/office365-enterprises/gg584188.aspx .

Quick introduction about this guy.

He collects the following information from you:

• Office365 credentials
• Domain Name
• Your confirmation to know: if you are federating with a domain name which is already added to your Office365 portal or add and federate a new domain to office365.
• Finaly a log file location for an error output.

Things you should be aware:-

• This script does the domain verification, once the added TXT record is replicated.
• Domains added using this script can be verified only with New-MsolFederatedDomain –DomainName <Domain Name> command
• The domain verification might fail due to TXT recort replication, if so follow this KB Article and run New-MsolFederatedDomain –DomainName <Domain Name>

 Note: - With my experience, I had to wait for 15-30 mins for the DNS replication.

I recommend you to download the attached .ps1 file to avoid any typo's. 

 

##################################################################################

#Created by KannaGanesh On 10-15-12

#This script helps you to federated a new / existing
domain with Office365 portal

##########################################################################################

write-host "This script helps you to federate a new
/ existing domain with Office365"

$cred = Get-Credential

$Domain = Read-Host "Provide your domain name that will be added to your Office365Portal"          # this reads your Domainname that needs to federated with your Office365 subscription

$logfile = Read-Host "Get a logfile path"

Connect-MsolService -Credential $cred                 #Provide your microsoftonline credentials <admin@domain.microsoftonline.com>

 

$confirm = Read-Host "Please hit "S" to federate your existing Office365 domain / hit "N" for adding and federating a new domain with Office365" 

If ($confirm -eq "S")

{

Convert-MsolDomainToFederated -DomainName $Domain # This
converts your existing domain to federated

}

else

{

New-MsolFederatedDomain -DomainName $domain      # This line adds your domain to Office365 portal

write-host "Please note the DNS entry might take
some time for replication" -foregroundcolor Red -backgroundcolor white

Read-host "Hit enter once DNS entries or done"                 

New-MsolFederatedDomain -DomainName $domain -errorvariable e; # This line validates your domain verification

Write-Output $e > $logfile

If($e -ne $null)

{

Read-Host "Hit enter once you are ready to verify your domain"  # This gives you a chance of verifiying the added domain again.

New-MsolFederatedDomain -DomainName $domain -errorvariable a -ea silentlycontinue -wa silentlycontinue;

$date = (get-date).ToString()

Write-Output $a $date | out-file $logfile -append  # If the verification failed, then it writes an output to log file

If($a -ne $null)

{write-host "Your Domain verification failed, pls verify the txt record and run New-MsolFederatedDomain -DomainName <Domain Name> for successfull completion of federation" -foreground "White" -background "Red" ;

write-host "for more info check the log file @ $logfile"}

# This write-host command tells you how to validate your domain after fixing the DNS record

else

{write-output "Congrats you have successfully configured federation"

 

#################################################            THE END                    ###############################################

 

How to run this script:

• Login to your ADFS server
• Open MSOnline Shell as administrator
• Run set-executionpolicy unrestricted from MSOnline shell
• Now it’s time to run the script .\office365federation.ps1
• Provide your office365 Credentials.
• Now you will be prompted for your Domain name, that will be federated with Office365.
• Choose your option, if you need to federate an existing domain / add & federate a new Domain
• Based on your selection the script federate / add & federate a domain to Office365
  • If it is only the federation of an existing Domain, then this script does the federation and ends there.
  • If it is for adding & federating a new domain to Office365 then it follow the below steps:
    • Adds the domain to your Office365 tenant
    • Provides the TXT record that needs to be added with your provider
    • Once the record is added and ready for replication, An ENTER key will help the script to verify your domain.
    • If the verification failed for the 1^st time, it prompts you to validate the replication of TXT record that was added and then confirm by hitting an ENTER key.
    • If the TXT record was replicated, your verification will be completed by now.
    • Else, you will have to run New-MsolFederatedDomain -DomainName <Domain Name> for verifying the domain once the TXT record replication is done.
• Once the script is executed set it back to Restricted, using

Hope this helps you.  

 

 

 

Office365Federation.ps1