Configuring ADFS between two domains in same forest

  • Question

  • I have two domains, server1.domain.com and server2.domain2.com. I have created the second domain in the same forest as the first one. I have ADFS configured only on the domain1 machine. I am expecting that, domain1 being the root domain, login requests from domain2 users should be handled by the ADFS setup on domain1. How do I configure this manually on the AD server?

    Thursday, January 9, 2020 9:12 AM

Answers

  • The ADFS service uses Windows Integrated Authentication (Kerberos & NTLM). This works in the entire forest by default. So if you installed ADFS in domain1, all users in the same forest can already authenticate; that includes domain2 and more if you have other domains in the forest or even external trusts. This requires that the ADFS server can reach the DCs of these domains from a network perspective. That's it.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.


    Thursday, January 9, 2020 3:18 PM

All replies

  • You probably need to have a DC from the second domain in the same site as the ADFS server.

    Mark the answer if it helps you.

    Monday, January 13, 2020 7:03 AM
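The accepted answer says no per-domain ADFS configuration is needed, only that the ADFS server must reach the DCs of every domain in the forest, and the later reply suggests having a DC of the second domain in the ADFS server's AD site. The script below is an added example, not code from the thread or from Microsoft; it is meant to be run on the ADFS server as a domain user and assumes the ActiveDirectory RSAT module is installed. It enumerates the forest's domains, asks the DC locator for a KDC in each, reports whether that DC sits in the ADFS server's own site, and checks TCP reachability on the Kerberos (88) and LDAP (389) ports that Windows Integrated Authentication depends on.

```powershell
# Added example (not from the thread): verify the prerequisite the answer states,
# that an ADFS server can reach a DC/KDC of every domain in its forest, and
# whether each domain has a DC in the ADFS server's own AD site.
# Assumes: ActiveDirectory RSAT module present; run on the ADFS server.
Import-Module ActiveDirectory

# Site of this machine according to the DC locator (derived from its subnet).
$mySite = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

$results = foreach ($domain in (Get-ADForest).Domains) {
    # Ask the DC locator for a KDC in this domain, preferring our own site.
    $dc = Get-ADDomainController -DomainName $domain -Discover -Service KDC -SiteName $mySite
    $dcHost = $dc.HostName[0]

    # Network reachability for the protocols Windows Integrated Authentication uses.
    $kerberos = Test-NetConnection -ComputerName $dcHost -Port 88  -InformationLevel Quiet -WarningAction SilentlyContinue
    $ldap     = Test-NetConnection -ComputerName $dcHost -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue

    [pscustomobject]@{
        Domain       = $domain
        DC           = $dcHost
        DCSite       = $dc.Site
        DCInAdfsSite = ($dc.Site -eq $mySite)   # False means the locator fell back to another site
        Kerberos88   = $kerberos
        Ldap389      = $ldap
    }
}

$results | Format-Table -AutoSize

# Flag the domains whose users would fail WIA against this ADFS server.
$results | Where-Object { -not ($_.Kerberos88 -and $_.Ldap389) } |
    ForEach-Object { Write-Warning "No reachable KDC/LDAP for $($_.Domain) via $($_.DC)" }
```

A domain that shows `DCInAdfsSite = False` still works as long as the ports are reachable; it just means the ADFS server will be talking to a DC in another site, which is the latency concern behind the second reply. A domain that shows either port as `False` is the "network perspective" problem the accepted answer describes, and no ADFS setting will compensate for it.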