Check if Office 365 has Your Updated ADFS Certificates

Download it here https://gallery.technet.microsoft.com/Check-and-Update-ADFS-3f27ee5e

This script has probably lived its useful life, but I’m sharing it anyway, because.. well why not!

When you want to quickly check whether your published federation metadata (which contains your ADFS token signing certificates) is what Office 365 currently holds, you can use Get-MsolFederationProperty. That's great if you have one domain, but what if you have 25 or 50?

Create a profile on your ADFS servers

notepad $profile.alluserscurrenthost

Copy and paste this into the profile and save it

function Check-ADFSFederationForAllDomains {
    # For every federated top-level domain in the tenant, compare the token signing
    # certificates ADFS publishes with the copy Office 365 holds.
    Get-MsolDomain | ?{$_.Authentication -eq "Federated" -and !$_.RootDomain } | %{
        Write-Host Processing $_.Name
        # Get-MsolFederationProperty returns two objects: one read from the ADFS server, one from Office 365
        $setup = Get-MsolFederationProperty -DomainName $_.Name
        if ($setup[0].TokenSigningCertificate -eq $setup[1].TokenSigningCertificate -and $setup[0].NextTokenSigningCertificate -eq $setup[1].NextTokenSigningCertificate){
            Write-Host $_.Name "Token Signing and Next Token Signing Certificates Match" -ForegroundColor Green
        } else {
            Write-Host $_.Name "Token Signing and/or Next Token Signing Certificates DO NOT Match" -ForegroundColor Red
        }
    }
}
Write-Host 'Check-ADFSFederationForAllDomains'

function Update-ADFSFederationForAllDomains ([bool]$supportMultipleDomains) {
    # Push the current ADFS federation metadata (including the token signing certificates)
    # to Office 365 for every federated top-level domain.
    # Pass $true when ADFS was configured with -SupportMultipleDomain.
    Get-MsolDomain | ?{$_.Authentication -eq "Federated" -and !$_.RootDomain } | %{
        Write-Host Processing $_.Name
        Update-MsolFederatedDomain -DomainName $_.Name -SupportMultipleDomain:$supportMultipleDomains
    }
}
Write-Host 'Update-ADFSFederationForAllDomains'

Now when the time comes to check, just run Check-ADFSFederationForAllDomains, followed by Update-ADFSFederationForAllDomains if you need to update.
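As an added example (not part of the original post or its download), here is a report-style variant of the check. Instead of trusting the order of the two objects Get-MsolFederationProperty returns, it picks the ADFS and Office 365 entries by their Source property, compares certificate thumbprints, flags the case where only one side answered, and warns when the certificate Office 365 trusts is close to expiry. It assumes Connect-MsolService has already been run, and it assumes the Source values read "ADFS Server" and "Microsoft Office 365"; the -WarnDays default of 30 is an arbitrary choice.

```powershell
# Added example, not the original script. Assumes an active Connect-MsolService session
# and that Get-MsolFederationProperty labels its two results with Source values
# "ADFS Server" and "Microsoft Office 365" (assumed label values).
function Get-ADFSFederationCertificateReport {
    param(
        # Warn when the certificate Office 365 holds expires within this many days (assumed default)
        [int]$WarnDays = 30
    )

    Get-MsolDomain | Where-Object { $_.Authentication -eq "Federated" -and !$_.RootDomain } | ForEach-Object {
        $domain = $_.Name
        $props  = @(Get-MsolFederationProperty -DomainName $domain)

        # Select by Source rather than by array position
        $adfs = $props | Where-Object { $_.Source -like "ADFS*" }       | Select-Object -First 1
        $o365 = $props | Where-Object { $_.Source -like "*Office 365*" } | Select-Object -First 1

        if (-not $adfs -or -not $o365) {
            # Only one side answered (for example the ADFS server was unreachable);
            # never report that as "in sync"
            [pscustomobject]@{
                Domain         = $domain
                Status         = "Incomplete: only $($props.Count) result(s) returned"
                AdfsThumbprint = $adfs.TokenSigningCertificate.Thumbprint
                O365Thumbprint = $o365.TokenSigningCertificate.Thumbprint
                DaysToExpiry   = $null
            }
            return
        }

        # Thumbprints identify the exact certificate on each side
        $currentMatch = $adfs.TokenSigningCertificate.Thumbprint -eq $o365.TokenSigningCertificate.Thumbprint
        $nextMatch    = $adfs.NextTokenSigningCertificate.Thumbprint -eq $o365.NextTokenSigningCertificate.Thumbprint

        # Days left on the certificate Office 365 is actually validating tokens against
        $daysToExpiry = $null
        if ($o365.TokenSigningCertificate) {
            $daysToExpiry = [int]($o365.TokenSigningCertificate.NotAfter - (Get-Date)).TotalDays
        }

        $status = if (-not $currentMatch) {
                      "Current token signing certificate differs; run Update-MsolFederatedDomain"
                  } elseif (-not $nextMatch) {
                      "Next token signing certificate differs; run Update-MsolFederatedDomain"
                  } elseif ($daysToExpiry -ne $null -and $daysToExpiry -le $WarnDays) {
                      "In sync, but expires in $daysToExpiry days"
                  } else {
                      "In sync"
                  }

        [pscustomobject]@{
            Domain         = $domain
            Status         = $status
            AdfsThumbprint = $adfs.TokenSigningCertificate.Thumbprint
            O365Thumbprint = $o365.TokenSigningCertificate.Thumbprint
            DaysToExpiry   = $daysToExpiry
        }
    }
}

# Usage: Get-ADFSFederationCertificateReport -WarnDays 45 | Format-Table -AutoSize
```

Because the function emits objects rather than coloured text, the output can be piped to Export-Csv or filtered on Status for a scheduled check. To see which certificates ADFS itself currently holds as primary and secondary (for example during an automatic rollover), run Get-AdfsCertificate -CertificateType Token-Signing on the ADFS server and compare its thumbprints with the AdfsThumbprint column.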
