Move ADFS functionality to new servers

  • Question

  • The current ADFS environment is configured using Windows Server 2012 R2 (ADFS & Web Application Proxy). This environment is going to be decommissioned and I have already installed new Windows Server 2016 machines, but they are not yet configured.

    What I'm planning to do is the following: install a new ADFS farm using the same name (sts.domain.com) as the old ADFS farm, point internal and external DNS to the new servers, and update the Office 365 federation configuration using the following command:

    Update-MsolFederatedDomain -DomainName <Federated Domain Name> -SupportMultipleDomain

    Will this method work? 

    Saturday, June 9, 2018 1:23 PM

All replies

  • Without going into details, your approach seems correct.

    For the ADFS-parts, just install the new servers and add them to the same federation-service (adfs-farm) as the old ones. Decommission the old servers and then raise the level of the new servers to 2016 functional level.

    https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server

    I'm not sure you need to update the MSOL-domain, but the cmdlet you posted is not harmful so I guess it does not hurt to run.

    Wednesday, June 20, 2018 7:02 AM
  • Were you able to complete this? If yes, what are your thoughts, how did it go? Can you share your experience?

    I am also planning to move ADFS functionality to new servers in the public cloud from the vendor's data center due to cost.

    Thanks,


    Thank you

    Thursday, May 2, 2019 6:58 AM
  • I am attempting this too - so far seems well (I have used local host files to test so far)

    I will update the DNS settings out of hours and do some testing and let you know how I get on.

    Cheers

    Jase

    Monday, May 27, 2019 12:44 AM
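
A read-only check for the migration steps discussed in the first reply, as an added example that is not part of the original thread: it lists the farm nodes and behavior level, then compares the farm's primary token-signing certificate with the one Office 365 holds for the federated domain, which indicates whether the federation settings need updating after the move. It assumes it runs on an AD FS 2016 node with the MSOnline module installed; `domain.com` is a placeholder.

```powershell
# Added example: read-only checks, nothing here changes the farm or the tenant.
# Assumptions: run on a Windows Server 2016 AD FS node, MSOnline module installed,
# $Domain is a placeholder for the federated domain name.
param([string]$Domain = 'domain.com')

Import-Module ADFS
Import-Module MSOnline
Connect-MsolService   # prompts for an Office 365 administrator credential

# 1. Farm membership and behavior level (cmdlet is available from AD FS 2016).
#    Old 2012 R2 nodes still listed here must be removed before raising the level.
$farm = Get-AdfsFarmInformation
Write-Output "Current farm behavior level: $($farm.CurrentFarmBehavior)"
$farm.FarmNodes | Format-Table -AutoSize

# 2. Primary token-signing certificate the farm uses to sign tokens.
$adfsCert = Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary } |
    Select-Object -First 1

# 3. Signing certificate Office 365 currently trusts for the domain
#    (stored as a base64 string in the federation settings).
$fed = Get-MsolDomainFederationSettings -DomainName $Domain
$o365Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    [Convert]::FromBase64String($fed.SigningCertificate))

# 4. Compare thumbprints and report expiry of the farm certificate.
[pscustomobject]@{
    Domain             = $Domain
    AdfsThumbprint     = $adfsCert.Thumbprint
    Office365Thumbprint = $o365Cert.Thumbprint
    AdfsCertNotAfter   = $adfsCert.Certificate.NotAfter
    PassiveLogOnUri    = $fed.PassiveLogOnUri
    InSync             = ($adfsCert.Thumbprint -eq $o365Cert.Thumbprint)
} | Format-List

if ($adfsCert.Thumbprint -ne $o365Cert.Thumbprint) {
    Write-Warning ("Office 365 trusts a different token-signing certificate than the farm uses. " +
        "Sign-ins will fail until the federation settings are updated, " +
        "for example with the Update-MsolFederatedDomain command from the question.")
}
```

When `InSync` is true, Office 365 already trusts the certificate the farm signs with; a mismatch is the case where the update command from the question is required.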