Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You cannot convert a domain from standard to federated authentication by using the Convert-MsolDomainToFederated cmdlet in SharePoint Online


View products that this article applies to.

Symptoms

When you try to convert an existing domain from standard authentication to federated authentication in Microsoft SharePoint Online by using the Convert-MSOLDomaintoFederated cmdlet, you receive the following error message:

PS C:\Windows\system32> Convert-MsolDomainToFederated -DomainName <domain.contoso.com>
Convert-MsolDomainToFederated :
Microsoft.Online.Administration.Automation.IdentityInternalServiceException
At line:1 char:30
+ Convert-MsolDomainToFederated <<<< -DomainName <domain.contoso.com>
+ CategoryInfo : NotSpecified: (:) [Convert-MsolDomainToFederated],
FederationException + FullyQualifiedErrorId :
Microsoft.Online.Administration.Automation.IdentityInternalServiceException,
Microsoft.Online.Identity.Federation.Powershell.ConvertDomainToFederated

↑ Back to the top


Cause

This issue occurs because the "Password expiry duration" policy in SharePoint Online is not set to the default value of 90 days.

↑ Back to the top


Resolution

To resolve this issue, set the "Password expiry duration" policy to the default setting by using the following cmdlet:
Set-MsolPasswordPolicy -ValidityPeriod 90 -NotificationDays 14 -DomainName domain.com

↑ Back to the top


Keywords: kbsurveynew, kbtshoot, kbexpertiseinter, kb

↑ Back to the top

Article Info
Article ID : 2823649
Revision : 1
Created on : 1/7/2017
Published on : 3/19/2013
Exists online : False
Views : 313