AD FS 2.0: How to Set the Primary Federation Server in a WID Farm

Summary

When you deploy an Active Directory Federation Services (AD FS) 2.0 Federation Server farm, you have the option of choosing Windows Internal Database (WID) or SQL to store the configuration information. When you select WID, which is the default in the Initial Configuration Wizard GUI, the first Federation Server in the farm becomes the primary Federation Server. All other servers in the farm are considered secondary Federation Servers.

The WID database on the primary server is read/write, and the WID databases on the secondary servers are read-only. Configuration changes are made only on the primary Federation Server and are replicated to the secondary servers via WID database synchronization (every 5 minutes by default).

If the primary Federation Server becomes unavailable and will not be brought back online, the administrator needs to promote one of the secondary Federation Servers to primary for the farm.

Command to run on the secondary server that you want to make primary:

Add-PsSnapin Microsoft.Adfs.PowerShell

Set-AdfsSyncProperties -Role PrimaryComputer

Now that you have set a new primary Federation Server, you need to configure the other secondary Federation Servers to sync with the new primary Federation Server.

Command to run on the other farm member servers:

Add-PsSnapin Microsoft.Adfs.Powershell

Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName {FQDN of the Primary Federation Server}
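
The two steps above combined into one script that also reads the role back with Get-AdfsSyncProperties before and after the change. This is an added example, not part of the original article; the script parameters and the FQDN adfs-dr.example.com are constructed placeholders, and the script is assumed to be run locally on each farm member.

```powershell
# Added example (not from the original article). Run locally on each farm member.
# Assumption: -NewPrimary defaults to a constructed placeholder FQDN; pass your own.
param(
    [ValidateSet('Report', 'Promote', 'Repoint')]
    [string]$Action = 'Report',
    [string]$NewPrimary = 'adfs-dr.example.com'   # constructed placeholder
)

# Load the AD FS 2.0 snap-in only if it is not already loaded in this session.
if (-not (Get-PSSnapin -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

# Record the role before changing anything.
$before = Get-AdfsSyncProperties
Write-Host "Role before change: $($before.Role)"

switch ($Action) {
    'Promote' {
        # Step 1: run on the one secondary chosen to become the new primary.
        if ($before.Role -eq 'PrimaryComputer') {
            Write-Host 'This server is already the primary; nothing to do.'
        } else {
            Set-AdfsSyncProperties -Role PrimaryComputer
        }
    }
    'Repoint' {
        # Step 2: run on every other farm member so it syncs from the new primary.
        if ($before.Role -eq 'PrimaryComputer') {
            Write-Warning 'This server holds a read/write copy; it will become a read-only secondary.'
        }
        Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName $NewPrimary
    }
}

# Read the settings back. A secondary should name the new primary and, after the
# next poll interval (5 minutes by default), report a recent LastSyncTime.
Get-AdfsSyncProperties |
    Format-List Role, PrimaryComputerName, PollDuration, LastSyncStatus, LastSyncTime
```

Running the script with -Action Report on every farm member afterwards confirms that exactly one server reports the PrimaryComputer role and that the rest name it in PrimaryComputerName.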

Comments
  • I love Adam Conkle's ADFS wikis! Whenever I look for some solution to some problem not documented elsewhere I eventually end up here.

  • Hey Danny...Please check out the entire ADFS 2.0 content map here: social.technet.microsoft.com/.../2735.ad-fs-2-0-content-map.aspx

  • Hi All,

    We have an ADFS 2.0 farm (2 servers in NLB) with WID at the primary site and one more ADFS server (not part of NLB) at the DR site in the same farm to serve O365 SSO.

    Now I wanted to test ADFS DR.

    Will take care of DNS by swapping IP addresses etc.

    Now if I shut down both ADFS servers in the primary site for testing purposes, is it mandatory to convert my DR site ADFS server from secondary to primary as mentioned in the above article?

    Also, if I do so, what will happen with the ADFS servers in the primary site when I start them?

    I am not able to figure out the exact method to test ADFS DR functionality.

    Any help is highly appreciated.

    Best Regards

    Mahesh

  • Very easy clarifications but robust. Thanks Adam Conkle :)
