Your company has an Azure Active Directory (Azure AD) tenant federated with its on-premises Active Directory Domain Services (AD DS) domain. This domain is named companycs.com.
Your company recently purchased another company named CompanyBD. CompanyBD has its own AD DS domain named companybd.net. This domain is not federated with an Azure AD tenant.
You need to integrate the companybd.net domain with your Azure AD tenant. You decide to federate this new domain.
You attempt to federate the companybd.net domain with Azure AD by using the following cmdlet:
Convert-MsolDomaintoFederated -DomainName companybd.net
You get the following error:
Convert-MsolDomaintoFederated: The federation service identifier specified in the Active Directory Federation Services 2.0 server is already in use. Please correct this value in the AD FS 2.0 Management console and run the command again.
What is the most likely reason for getting this error?
You are getting this error because the value of the IssuerUri is adfs.companycs.com. This is the default value for this parameter when you configure the federation between the top-level domain and Azure AD. You got this value because you did not use the -SupportMultipleDomain parameter when you ran the Convert-MsolDomainToFederated cmdlet the first time. You need to change the value of IssuerUri to companycs.com to be able to add an additional top-level domain. At this point, you should delete the Microsoft Office 365 Identity Platform entry under Relying Party Trusts in the AD FS Management console and then run the Update-MSOLFederatedDomain -DomainName companycs.com -SupportMultipleDomain command. This recreates the trust relationship with the correct value for the IssuerUri parameter.