Microsoft Office 365 Federation Metadata Update Automation Installation Tool

Posted on Updated on

Great write up from a Microsoft esteemed colleague on how to automate the configuration of ADFS when needing Active Directory authentication into Office 365:

Microsoft Office 365 Federation Metadata Update Automation Installation Tool:  http://gallery.technet.microsoft.com/scriptcenter/Office-365-Federation-27410bdc

This tool can be used to automate the update of the Microsoft Office 365 federation metadata regularly to ensure that changes in the case of the token signing certificate configured in Active Directory Federation Services 2.0 are replicated to the identity platform automatically!

To execute this tool successfully:

  • You need to have a functioning AD FS 2.0 Federation Service
  • You need to have access to Global Administrator credentials for your Office 365 tenant
  • You need to have at least one verified domain in the Office 365 tenant must be of type ‘Federated’
  • This tool must be executed on a writable Federation Server
  • The currently logged on user must be a member of the local Administrators group
  • The Microsoft Online Services Module for Windows PowerShell must be installed. You can download the module from http://onlinehelp.microsoft.com/en-us/office365-enterprises/ff652560.aspx

Note – This helps keep the Microsoft Federation Gateway (MFG) updated in case any changes occur with your Service Identifier or Certificate updates.  In either of these cases, if these change, users will not be able to login, so the script and Scheduled Task make sure that the ADFS configuration is uploaded into Office 365 MFG, removing the possibility of ADFS changes not being updated, due to lapse in memory, etc.  

Note – I ran into this issue today, where my certificate had expired and I could not figure out why none of my users were not able to authenticate, meaning NO USERS could access their online services, mailboxes, SharePoint content, etc.  if I had this script running it would have picked up the certificate change, updated the MFG with the new certificate thumbprint and allowed my users to continue authenticating, removing any downtime for them!

Whatcha thinkin?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s