Microsoft in Education Blog
I ran into an interesting problem setting up ADFS 2.1 on Windows Server 2012 for Office 365 federation. It is now a supported server OS for ADFS and Office 365 as long as you run the Azure Active Directory PowerShell.
ADFS setup worked flawlessly and I setup the web certificate, etc. You can follow the ADFS 2.1 on Windows Server 2012 for Office 365 steps here now.
I went to convert my domain to federated in Azure Active Directory Powershell (steps here) to setup a Trust with Office 365 and it failed when I used the convert-msoldomaintofederated cmdlet. I received an this error:
Convert-MsolDomainToFederated : Microsoft.Online.Administration.Automation.Iden tityInternalServiceException At line:1 char:30 + Convert-MsolDomainToFederated <<<< -DomainName domain.edu + CategoryInfo : NotSpecified: (:) [Convert-MsolDomainToFederated ], FederationException + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.Ident ityInternalServiceException,Microsoft.Online.Identity.Federation.Powershel l.ConvertDomainToFederated
I found a fix that resolved this. You must run this PowerShell cmdlet first:
Set-MSOLpasswordpolicy validityperiod 90 –notificationdays 10 –domainname domain.edu
After I ran that – waited about 20 minutes – then ran:
convert-msoldomaintofederated –domainname domain.edu - went through without issue.
It would appear that your password policy must be set to 270 days or less or you cannot convert your domain to a federated domain.
Finally, you should run get-msoldomain to check that you are indeed federated for that domain.