Updating expired certificates in ADFS 2016

Today I had a call from a customer because they had expired certificates in their ADFS farm. Once I acceded to the farm, I realized that the expired certificates were the token signing and token decrypting certificates.

So, the first thing that I did, was to extend the certificate window expiration:

Set-ADFSProperties -CertificateDuration 36500

Then, update the expired certificates

Update-ADFSCertificate -CertificateType Token-Signing -Urgent

Update-ADFSCertificate -CertificateType Token-Decrypting -Urgent

And finally to restore the Office365 Enpoint, the following commands:


Connect-MsolService –Credential $cred

Update-MSOLFederatedDomain –DomainName “DomainName” -SupportMultipleDomain

*In my case I needed to set this parameter

And that’s all!

Till next time


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s