Macorder-hub

Important doc to be updated as soon as possible. Information is outdated since it is still making references to the deprecated MSOL Module.

@Macorder-hub : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

Learn Build status updates of commit 98fe8b0:

✅ Validation status: passed

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| docs/identity/hybrid/connect/how-to-connect-emergency-ad-fs-certificate-rotation.md | ✅Succeeded | | |

For more details, please refer to the build report.

@v-regandowner

@omondiatieno - Can you review the proposed changes?

IMPORTANT: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@omondiatieno left a comment


I left a few minor suggestions. We also need to add the image via the internal repo

To revoke the old Token Signing Certificate that AD FS is currently using, you need to determine the thumbprint of the token-signing certificate. From your ADFS Server do the following:

1. Connect to the Microsoft Online Service by running in PowerShell `Connect-MsolService`.
1. Connect to the Microsoft Entra Module by running in PowerShell:
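
Review bot: the introductory paragraph above these steps spells the product two ways ("AD FS" and "ADFS Server") and the certificate two ways ("Token Signing Certificate" and "token-signing certificate") within two sentences. Pick one form of each; the file name (`...emergency-ad-fs-certificate-rotation.md`) and the first mention both use "AD FS". The reworded step also keeps the phrase "by running in PowerShell:" from the `Connect-MsolService` line it replaces, which reads awkwardly once the command is no longer inline.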

Suggested change
1. Connect to the Microsoft Entra Module by running in PowerShell:
1. Connect to the Microsoft Entra PowerShell module:


*`Get-EntraFederationProperty -DomainName <your_domain.com> | FL Source, SigningCertificate`.

1. Copy down the thumbprint. You'll use it later to remove the existing certificates.
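
Review bot: the command line beginning `*` followed directly by a backtick has no space after the `*`, so Markdown will not treat it as a list item, and it ends with a stray period after the closing backtick. Write it as `* ` followed by the code span with no trailing period, spell out `Format-List` rather than the `FL` alias so readers can look the cmdlet up, and use one placeholder style for the domain: this line has `<your_domain.com>` while the later `-DomainName your_domain.com` line has no angle brackets.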

Suggested change
1. Copy down the thumbprint. You'll use it later to remove the existing certificates.
1. Copy the thumbprint. You'll use it later to remove the existing certificates.


>[!IMPORTANT]
You can get the **-InternalDomainFederationId** value by running the commando below:
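
Review bot: the body line under `>[!IMPORTANT]` does not start with `>`, so it is not written as part of the alert block. Prefix it, and the command bullet that belongs to it, with `> `, and put a space after `>` in the marker (`> [!IMPORTANT]`) to match the usual alert syntax.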

Suggested change
You can get the **-InternalDomainFederationId** value by running the commando below:
You can get the **-InternalDomainFederationId** value by running the following command:

* `Get-EntraFederationProperty -DomainName your_domain.com`

1. To update the certificate information in Microsoft Entra ID, run the following command: `Update-MsolFederatedDomain` and then enter the domain name when prompted.
<img width="1774" height="165" alt="Get-EntraFedProperty" src="https://github.com/user-attachments/assets/5eac3a9f-a1e8-49e7-b3fb-36360a2ee211" />
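
Review bot: the step "To update the certificate information in Microsoft Entra ID" still tells the reader to run `Update-MsolFederatedDomain`, an MSOL cmdlet, while the PR description states the goal is to stop referencing the deprecated MSOL module. If this line remains in the updated file, it needs the same treatment as the `Connect-MsolService` step. The `<img>` tag also sits directly after a numbered step with no blank line or indentation, and its alt text "Get-EntraFedProperty" does not describe what the screenshot shows.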

We'll need to add this image via the private repo. I'll help with that.

@omondiatieno

Updates covered in an internal PR: https://github.com/MicrosoftDocs/entra-docs-pr/pull/9727

#please-close
