ADFS 2.0 and ADFS 3.0 farms in same domain

  • Question

  • Hi -

    We currently have an ADFS 2.0 farm that spans two datacenters (shared SQL backend).  We have ADFS Proxies in front of each ADFS server and load balance internally and externally.  This farm serves trusts for maybe around 10 foreign systems.

    We'd like to stand up an ADFS 3.0 farm that uses a completely separate SQL backend - and slowly migrate our org trusts that are currently in place to this new 3.0 system.

    Will this be possible as long as there are no overlapping DNS names (farm name, etc)?  TIA.

    Thursday, August 11, 2016 12:14 AM

Answers

  • Yes, but you don't really need to. The ADFS upgrade path is a parallel upgrade. You basically build another farm with the same name and service account (but on a new SQL instance). Export the config of the old and import the config in the new one. Everything is detailed here: https://technet.microsoft.com/en-us/library/dn486815(v=ws.11).aspx

    So you would have both farms up and running and the decision to use one or the other is at the discretion of the DNS resolver. You could configure a host file on your machine, test the apps (that will use the new ADFS farm) and when you feel you are ready to go live, upgrade the actual DNS records (and eventually load balancing endpoints).



    • Proposed as answer by nzpcmad1Moderator Friday, August 12, 2016 1:34 AM
    • Marked as answer by JayCrumpGP Friday, August 12, 2016 12:40 PM
    Thursday, August 11, 2016 8:58 PM
    Owner
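
A pre-cutover check for the hosts-file test described in the answer above, as an added example that is not part of the original thread: it saves the old farm's federation metadata, then, once the hosts entry points the same service name at the new farm, confirms the name really resolves there and that the new farm publishes the same token-signing certificate the relying parties already trust. The service name `sts.example.com`, the address `10.0.0.50` and the file paths are assumptions.

```powershell
# Added example. Hypothetical values: sts.example.com, 10.0.0.50, and the file paths.
param(
    [ValidateSet('Baseline', 'Verify')][string]$Phase = 'Baseline',
    [string]$ServiceName  = 'sts.example.com',  # federation service name used by both farms
    [string]$NewFarmIp    = '10.0.0.50',        # address the hosts entry maps the name to
    [string]$BaselinePath = (Join-Path $env:TEMP 'adfs-old-metadata.xml'),
    [string]$NewPath      = (Join-Path $env:TEMP 'adfs-new-metadata.xml')
)
$ErrorActionPreference = 'Stop'
$url = "https://$ServiceName/FederationMetadata/2007-06/FederationMetadata.xml"

function Get-SigningThumbprint {
    param([string]$MetadataPath)
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($MetadataPath)
    # local-name() avoids registering the SAML metadata and XML-DSig namespaces.
    $xpath = "//*[local-name()='KeyDescriptor' and @use='signing']//*[local-name()='X509Certificate']"
    $xml.SelectNodes($xpath) | ForEach-Object {
        $bytes = [Convert]::FromBase64String($_.InnerText)
        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        $cert.Thumbprint
    } | Sort-Object -Unique
}

if ($Phase -eq 'Baseline') {
    # Run while DNS still points at the old farm and no hosts override exists.
    Invoke-WebRequest -Uri $url -UseBasicParsing -OutFile $BaselinePath
    Write-Output "Old farm signing thumbprints: $((Get-SigningThumbprint $BaselinePath) -join ', ')"
    return
}

# Verify phase: confirm the hosts override is really in effect before trusting the result.
$resolved = [System.Net.Dns]::GetHostAddresses($ServiceName) | ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $NewFarmIp) {
    throw "$ServiceName resolves to $($resolved -join ', '), not $NewFarmIp. Fix the hosts entry, then run ipconfig /flushdns."
}
Invoke-WebRequest -Uri $url -UseBasicParsing -OutFile $NewPath

$old = (Get-SigningThumbprint $BaselinePath) -join ','
$new = (Get-SigningThumbprint $NewPath) -join ','
if ($old -and $old -eq $new) {
    Write-Output "Match: new farm publishes the same token-signing certificate(s): $new"
} else {
    Write-Warning "Mismatch. Old: [$old] New: [$new]. Relying parties would need updated metadata before cutover."
}
```

Run it once with `-Phase Baseline` before adding the hosts entry and once with `-Phase Verify` afterwards; a mismatch means tokens from the new farm would fail signature validation at the existing trusts until their metadata is refreshed.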

All replies

  • Thank you.
    Friday, August 12, 2016 12:40 PM