ADFS Azure need PDC to logon or not ?

  • Question

  • Hi Team,

    I have ADFS on Azure connected by a site-to-site VPN. The topology is the same as the picture below.

    I have the PDC on the on-premises AD site.

    I have an issue when the S2S VPN goes down: ADFS fails to log on while the S2S is down, even though I can contact the DC on the Azure site.

    My question is: when ADFS performs a logon, must it contact the PDC, or can it log on against just another DC?

    Please help, I need to verify this compatibility.

    Thanks

    Tuesday, October 30, 2018 3:37 PM

Answers

  • Only for external connections and if you have enabled the Extranet Lockout Policy.

    With ADFS 2016 and the Smart Lockout policy, this requirement does not exist.

    Also, with ADFS 2016 and the Extranet Lockout Policy (2012 R2 style), there is an option to remove PDC requirement.

    Note that if you are using ADFS solely for Office 365, maybe you can cut the cost and opt for Azure AD Connect Seamless SSO: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    Thursday, November 1, 2018 12:49 AM
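As an added example (not part of the original thread), a PowerShell check for the dependency the answer describes: it reads the AD FS 2016 extranet lockout settings and, when the legacy lockout mode still requires the PDC, tests whether the PDC emulator is reachable over LDAP from the AD FS server. It assumes the ADFS and ActiveDirectory PowerShell modules are installed on the AD FS server and uses the Set-AdfsProperties parameter names documented for Windows Server 2016.

```powershell
# Added diagnostic, not code from the thread. Run on an AD FS 2016 server.
# Assumption: ADFS and ActiveDirectory modules are available locally.
Import-Module ADFS
Import-Module ActiveDirectory

$p = Get-AdfsProperties

# Legacy (2012 R2 style) extranet lockout reads badPwdCount from the PDC emulator;
# smart lockout (ADFSSmartLockoutLogOnly / ADFSSmartLockoutEnforce) keeps its own counters.
$legacyLockout = $p.ExtranetLockoutEnabled -and ($p.ExtranetLockoutMode -eq 'ADPasswordCounter')
$needsPdc      = $legacyLockout -and $p.ExtranetLockoutRequirePDC

"ExtranetLockoutEnabled    : $($p.ExtranetLockoutEnabled)"
"ExtranetLockoutMode       : $($p.ExtranetLockoutMode)"
"ExtranetLockoutRequirePDC : $($p.ExtranetLockoutRequirePDC)"

if (-not $needsPdc) {
    "Extranet logons do not depend on PDC reachability with the current settings."
    return
}

# Current settings make extranet logons depend on the PDC: verify it answers on LDAP,
# which is the path that breaks in the question when the site-to-site VPN is down.
$pdc  = (Get-ADDomain).PDCEmulator
$ldap = Test-NetConnection -ComputerName $pdc -Port 389 -WarningAction SilentlyContinue
"PDC emulator $pdc reachable on TCP 389: $($ldap.TcpTestSucceeded)"

if (-not $ldap.TcpTestSucceeded) {
    "PDC unreachable. Options mentioned in the answer:"
    "  keep legacy lockout but drop the PDC requirement:"
    "    Set-AdfsProperties -ExtranetLockoutRequirePDC `$false"
    "  or move to smart lockout (log-only first, then enforce):"
    "    Set-AdfsProperties -ExtranetLockoutMode ADFSSmartLockoutLogOnly"
}
```

Run it once with the VPN up and once with it down to confirm the PDC check is the only part that changes.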