Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. "Each identifier for a relying party trust must be unique" error when you run the Update-MsolFederatedDomain command

"Each identifier for a relying party trust must be unique" error when you run the Update-MsolFederatedDomain command

View products that this article applies to.

PROBLEM

When you run the Update-MsolFederatedDomain command in your Active Directory Federation Services (AD FS) environment from a server that's configured for a non-English language, you receive an error message that resembles the following. 
Update-MsolFederatedDomain : MSIS7612: Each identifier for a relying party trust must be unique across all relying party trusts in AD FS 2.0 configuration.

発生場所 行:1 文字:27

+ Update-MsolFederatedDomain <<<< -DomainName contoso.com

+ CategoryInfo : NotSpecified: (:) [Update-MsolFederatedDomain]、CmdletInvocationException

+ FullyQualifiedErrorId : MSIS7612: Each identifier for a relying party trust must be unique across all relying party trusts in AD FS 2.0 configuration.,Microsoft.Online.Identity.Federation.Powershell.UpdateFederatedDomainCommand

↑ Back to the top

CAUSE

This issue occurs if the following conditions are true: 
  • The trust relationship was created by using a version of the Microsoft Online Services Module for Windows PowerShell that was released before July 2012. Versions that were released earlier than July 2012 use localized identifiers to set the relying party trust name.
  • A later version of Azure Active Directory Module for Windows PowerShell (previously known as the Microsoft Online Services Module for Windows PowerShell) was installed after the trust relationship was created. Versions of the Azure Active Directory Module for Windows PowerShell that were released after July 2012 use only an English language name for the relying party trust. 

↑ Back to the top

SOLUTION

To resolve this issue, use the AD FS Management Console to change the display name of the relying party trust to an English language name. To do this, follow these steps:
  1. Open the AD FS console.
  2. Expand the left tree, select Trust Relationships, and then select Relying Party Trusts.
  3. Open the properties of the relying party trust, and then click the Identifiers tab.
  4. In the Display name box, change the display name to Microsoft Office 365 Identity Platform, and then click OK.

    For example, if the display name is in Japanese and appears as Microsoft Office 365 ID プラットフォーム, change it to Microsoft Office 365 Identity Platform.

    Screen shot of the properties dialog box for the relying party trust, showing the display name as Microsoft Office 365 Identity Platform
  5. Connect to Azure AD by using the Azure Active Directory Module for Windows PowerShell, and then run the Update-MsolFederatedDomain command.  

↑ Back to the top

MORE INFORMATION

For more information, see Manage Azure AD using Windows PowerShell.

↑ Back to the top

Keywords: kbgraphic, adfs, vkbportal339, kbgraphxlink, vkbportal237, tsg, o15, uacrossref, azuread, vkbportal231, yespartner, kb, o365m, o365e, o365a, o365, o365022013, vkbportal343

↑ Back to the top

Article Info
Article ID : 2998157
Revision : 3
Created on : 11/14/2019
Published on : 11/14/2019
Exists online : False
Views : 2988