none
Multiple ADFS farms in single domain RRS feed

  • Question

  • My current setup is 2 x ADFS 3.0 servers in a single domain (2 servers for redundancy of that ADFS farm)

    A number of relying party trusts are configured in ADFS; they are used to provide single sign-on for a number of web applications (development, test and production versions of said applications)

    I would now like to set up a separate ADFS farm in the same domain for development/test purposes only, and move all of the development and test relying party trusts to that farm.

    Is this possible please?

    Thanks

    Pete



    • Edited by Pete_993 Tuesday, June 19, 2018 3:51 PM
    Tuesday, June 19, 2018 3:47 PM

Answers

  • Thanks Jorrk. I did find lots of answers from Pierre Audonnet [MSFT]. For anyone else looking, helpful links are:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/1c87ac9e-c2ed-4178-8294-a68854f45ffa/adfs-multiple-farm-one-domain?forum=ADFS

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/3ea062a4-288f-4b12-a807-776c2ff5bd60/multiple-adfs-30-farms-single-sitesingle-domain?forum=ADFS

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/11a23185-efa5-4ce1-8bf7-e6bd1cc3889a/multiple-adfs-farms-single-domain?forum=ADFS

    Note that Pierre mentions the DRS service caveat. "The only caveat is about the Device Registration Service. Because the DRS configuration is stored in the configuration partition, you can only have one instance of DRS per forest. So all the ADFS farm of the forest will have to share this."


    Wednesday, June 20, 2018 10:04 AM

All replies

  • Yes, you can have multiple ADFS-farms within the same AD-domain.
    You cannot have the same name on both farms, but if you have different name like idp.adfs.com and test-idp.adfs.com it will work.

    There are a lot of discussions about this already in the forum so if you search I promise you will find more information about it.

    Wednesday, June 20, 2018 6:12 AM
  • Thanks Jorrk. I did find lots of answers from Pierre Audonnet [MSFT]. For anyone else looking, helpful links are:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/1c87ac9e-c2ed-4178-8294-a68854f45ffa/adfs-multiple-farm-one-domain?forum=ADFS

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/3ea062a4-288f-4b12-a807-776c2ff5bd60/multiple-adfs-30-farms-single-sitesingle-domain?forum=ADFS

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/11a23185-efa5-4ce1-8bf7-e6bd1cc3889a/multiple-adfs-farms-single-domain?forum=ADFS

    Note that Pierre mentions the DRS service caveat. "The only caveat is about the Device Registration Service. Because the DRS configuration is stored in the configuration partition, you can only have one instance of DRS per forest. So all the ADFS farm of the forest will have to share this."


    Wednesday, June 20, 2018 10:04 AM