Thursday, September 20, 2018

Set-CsTenantFederationConfiguration

Today I was fighting with Federation for Skype for Business in Office 365. This post is mainly to remind myself about the commands used next time I will have to do this.

To start with I had to login to Office 365. For that I started Powershell as administrator and used the following commands.

Import-Module SkypeOnlineConnector
$UserCredential = Get-Credential
$sfbSession = New-CsOnlineSession -Credential $UserCredential
Import-PSSession $sfbSession



Next I verified that the "Allowed domains" list were empty, just like I could also see in the GUI.


PS C:\WINDOWS\system32> Get-CsTenantFederationConfiguration

Identity                            : Global
AllowedDomains                      : AllowAllKnownDomains
BlockedDomains                      : {}
AllowFederatedUsers                 : True
AllowPublicUsers                    : True
TreatDiscoveredPartnersAsUnverified : False
SharedSipAddressSpace               : False



An empty "Allowed Domains" list.


Then I started to have some issues since the documentation around the following commands is not entierly correct. To add an allowed domain the command Set-CsTenantFederationConfiguration should be used. However, the AllowedDomains parameter is not listed in the examples on how to use the command, and the handy AllowedDomainsAsAList parameter is not documented at all. Set-CsTenantFederationConfiguration should be used in conjuction with New-CsEdgeDomainPattern so the working syntax for these two commands are as follows:


$x = New-CsEdgeDomainPattern -Domain "microsoft.com"
Set-CsTenantFederationConfiguration -AllowedDomainsAsAList @{Add=$x}



using these commands we can build a "list" or script with powershell commands.


$x = New-CsEdgeDomainPattern -Domain "cellip.se"
Set-CsTenantFederationConfiguration -AllowedDomainsAsAList @{Add=$x}
$x = New-CsEdgeDomainPattern -Domain "relevo.se"
Set-CsTenantFederationConfiguration -AllowedDomainsAsAList @{Add=$x}



And now Powershell, as well as the GUI is showing what I want.


PS C:\WINDOWS\system32> Get-CsTenantFederationConfiguration

Identity                            : Global
AllowedDomains                      : Domain=microsoft.com,Domain=cellip.se,Domain=relevo.se
BlockedDomains                      : {}
AllowFederatedUsers                 : True
AllowPublicUsers                    : True
TreatDiscoveredPartnersAsUnverified : False
SharedSipAddressSpace               : False



Don't hate - Federate!

No comments:

Post a Comment