Recently I had to make a change in the Skype for Business Online environment of a customer. When I was trying to connect with Remote PowerShell I got an error message saying that it was “Unable to query AutoDiscover URL”.
It turned out that this customer was once using BPOS, and the domain used at that time was tenant.emea.microsoftonline.com. This domain is not supported to use with Skype for Business, since important DNS records are missing.
Luckily there are two solutions for this problem:
Connect using the -OverrideAdminDomain option, as described in KB2909536.
$cssession = New-CsOnlineSession `
–Credentials $cred `
This will force the cmdlet to look for DNS records at the tenant.onmicrosoft.com domain
This solution requires you to change the user name of the admin account to a supported domain (or create a new account). Renaming accounts can be tricky, but it is worth the job, since the emea.microsoftonline.com domain support is deprecated.
By using a new admin account I was able to connect.
The idea with federation/ADFS combined with Office 365 is that you don’t have to care about changing/remembering passwords in multiple places.
Of course that is a good thing and the setup of ADFS is quite easy as long as you know your certificates and size the solution for redundancy.
A couple of days ago I ran in to a scenario where I needed to revert/disable federation for an Office 365 domain.
You do it with the Powershell module for Online Services (can be found on http://go.microsoft.com/fwlink/?linkid=236293).
First you connect to remote powershell with the following command where you will provide your administrative credentials for Office 365:
Then to change your domain back to a non-Federated state you simply type the command:
Convert-MsolDomainToStandard -DomainName example.com -PasswordFile c:\Passwords.txt
The command will convert all users to non federated ones and create a new password for them and put it in the file you specified with the “-PasswordFile” flag. It will also set the flag “ForceChangePassword” on the users to $true, so the users will have to change their own password after the first time they log on with the new one you provided from the file.
If something goes wrong with the conversion of the users when running the conversion command above you may have to convert the users manually to non-federated ones with the “Convert-MsolFederatedUser -UserPrincipalName ” cmdlet.