Remove EU-S02/US-S01 Customer to Access Portal.
We are in an interim scenario where we have to do some manual tasks to get customers access to the IAMCloud portal on these old stacks. Here are the steps:
1. Get the customer's email domain(s) from the portal that you want to remove from the legacy stack.
2. With the domain name (e.g. x.ac.uk) to hand, connect to NEU-FED-RELAY1 to make the changes.
3. Once on the server, open the config file at C:\IAMCloud\ADFSDomains\config.csv.
4. In the config.csv file locate the domain name from step 2 and remove it. Make sure you validate that you only remove one comma and it still looks like a valid CSV.
For EU (S02) make sure you remove it from the top row (EU-FED-S03)
For US (S01) make sure you remove it from the bottom row (US-FED-S04)
This will allow it to be added to S03 or S04.
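5. Take a copy of the entire list of domain names that have now been updated in the config.csv file from both the EU and US lines and run the following commands. The value passed to -OrganizationalAccountSuffix replaces the trust's existing suffix list, so always pass the complete list: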
Set-AdfsClaimsProviderTrust -TargetName EU-FED-S02 -OrganizationalAccountSuffix yy.org.uk,xx.ac.uk,etc.ac.uk,...
Set-AdfsClaimsProviderTrust -TargetName US-FED-S01 -OrganizationalAccountSuffix yy.org.uk,xx.ac.uk,etc.ac.uk,...
6. Run the ADFSDomains.ps1 script.
7. Test sign in to the IAMCloud portal with a customer's portal admin account.
Useful commands in relation to this task:
Check which domains are currently in a claims provider trust (CPT), e.g. for EU-FED-S03:
Get-AdfsClaimsProviderTrust eu-fed-s03 | select -ExpandProperty organizationalaccountsuffix > s03domains.txt
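
A pre-flight check for steps 4 and 5, added here as an example and not part of the original runbook or the ADFSDomains.ps1 script. It confirms that the edited row is still clean CSV and that the only change against the live trust is the one domain being removed, then applies the list. It assumes each row of config.csv is a plain comma-separated list of domains (top row EU, bottom row US); the function name, variables and the xx.ac.uk domain are placeholders.

```powershell
# Added example. Assumption: each row of config.csv is a plain comma-separated
# list of domains, top row = EU, bottom row = US, as steps 4 and 5 describe.
$ConfigPath = 'C:\IAMCloud\ADFSDomains\config.csv'
$Domain     = 'xx.ac.uk'     # placeholder: the one domain removed in step 4
$RowIndex   = 0              # 0 = top row (EU), 1 = bottom row (US)
$TrustName  = 'EU-FED-S02'   # use US-FED-S01 with the bottom row

function Test-EditedRow {
    param([string]$Row, [string]$Domain, [string[]]$Current)

    $fields = @($Row.Split(',') | ForEach-Object { $_.Trim() })
    if ($fields -contains '') {
        throw 'Empty field found: a leading, trailing or doubled comma was left behind.'
    }
    if ($fields -contains $Domain) {
        throw "'$Domain' is still present in the row."
    }
    $dupes = @($fields | Group-Object | Where-Object { $_.Count -gt 1 })
    if ($dupes.Count -gt 0) {
        throw "Duplicate entries: $($dupes.Name -join ', ')"
    }

    # Set-AdfsClaimsProviderTrust overwrites the suffix list, so the only
    # difference from the live trust must be the domain being removed.
    $diff    = @(Compare-Object -ReferenceObject $Current -DifferenceObject $fields)
    $removed = @($diff | Where-Object SideIndicator -eq '<=' | ForEach-Object InputObject)
    $added   = @($diff | Where-Object SideIndicator -eq '=>' | ForEach-Object InputObject)
    if ($added.Count -gt 0) { throw "Not in the live trust: $($added -join ', ')" }
    if ($removed.Count -ne 1 -or $removed[0] -ne $Domain) {
        throw "Expected to drop only '$Domain', but would drop: $($removed -join ', ')"
    }
    return $fields
}

$row     = @(Get-Content -Path $ConfigPath)[$RowIndex]
$current = (Get-AdfsClaimsProviderTrust -Name $TrustName).OrganizationalAccountSuffix
$new     = Test-EditedRow -Row $row -Domain $Domain -Current $current

# Keep the previous list so the change can be reverted, then apply step 5.
$current | Set-Content -Path ".\$TrustName-suffixes-before.txt"
Set-AdfsClaimsProviderTrust -TargetName $TrustName -OrganizationalAccountSuffix $new
```

If any check throws, nothing is written to the trust; fix config.csv and run it again.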