My existing Azure lab has an Exchange 2010 Hybrid setup with ADFS for single sign-on. I am planning to remove ADFS from the environment and use password sync instead.
First, I should check whether password sync is already enabled. I can confirm this from the Azure AD Connect application. Launch the AAD Connect tool and check the current configuration:
To check the status of the domain, you can use the following commands once connected to Exchange Online using PowerShell:
Connect-MsolService -Credential $cred
The output will be similar to the below screenshot:
As you can see above, the domain ‘anishjohnes.ga’ is ‘Federated’.
If you go to ADFS management -> Relying Party Trust, you will notice a trust already set up with MS Office 365.
Now, to convert the domain to ‘Managed’, run the command below:
Convert-MsolDomainToStandard -DomainName <String> -PasswordFile <String> -SkipUserConversion <Boolean> [-Confirm] [-WhatIf] [<CommonParameters>]
Once the domain is converted to ‘Managed’, single sign-on will no longer apply; same sign-on will be used instead. The trust with Microsoft Office 365 will be removed from Relying Party Trust as well.
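The conversion above as one guarded run, written as an added example that is not part of the original post: it confirms the domain is still ‘Federated’, restricts access to the folder that will hold the -PasswordFile output (that file records the converted users' temporary passwords in clear text), converts, and re-checks the state. The script parameters, the C:\ConvertedUsers path, the ACL choice and the -SkipUserConversion value are assumptions to adjust for your environment.

```powershell
# Added example: guarded federated-to-managed conversion.
# Parameter names, default path and ACL policy are assumptions, not from the post.
param(
    [Parameter(Mandatory = $true)] [string] $DomainName,
    [string] $PasswordFile       = 'C:\ConvertedUsers\passwords.txt',  # placeholder path
    [bool]   $SkipUserConversion = $false                              # assumption
)

Import-Module MSOnline
Connect-MsolService -Credential (Get-Credential)

# 1. Only proceed if the domain is still federated.
$domain = Get-MsolDomain -DomainName $DomainName
if ($domain.Authentication -ne 'Federated') {
    Write-Host "$DomainName is already '$($domain.Authentication)'; nothing to convert."
    return
}

# 2. Lock down the folder that will receive the password file:
#    drop inherited ACEs, then allow only the current user and local Administrators.
$dir = Split-Path -Parent $PasswordFile
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$acl = Get-Acl -Path $dir
$acl.SetAccessRuleProtection($true, $false)
foreach ($identity in @("$env:USERDOMAIN\$env:USERNAME", 'BUILTIN\Administrators')) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $dir -AclObject $acl

# 3. Convert the domain using the parameters shown in the syntax above.
Convert-MsolDomainToStandard -DomainName $DomainName `
    -PasswordFile $PasswordFile -SkipUserConversion $SkipUserConversion

# 4. Confirm the new state instead of assuming success.
$after = Get-MsolDomain -DomainName $DomainName
if ($after.Authentication -ne 'Managed') {
    throw "$DomainName is still '$($after.Authentication)' after conversion."
}
Write-Host "$DomainName is now 'Managed'. Remove $PasswordFile once it is no longer needed."
```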