Single Forest, Multiple ADFS Farm, One AAD Connect RRS feed

  • Question

  • Hi all,

    I have a unique requirement for one of my clients. I have a fully functional hybrid environment with EXO. We do not want to modify AAD Connect and ADFS 2012 R2.

    Here is the scenario.

    • 1x single forest with 3 hybrid UPNs (domaina.com, domainb.com, domainc.com)
    • 2x ADFS servers in a single ADFS 2012 R2 farm
    • 2x WAP 2012 R2 cluster
    • 1x AAD Connect
    • 1x O365 tenant with 3 domains (domaina.com, domainb.com, domainc.com)
    • 1x routable authentication endpoint sts.domaina.com

    Above configuration is working perfectly.

    Now I would like to build a separate ADFS 2016 farm with a WAP 2016 cluster for a SaaS application. This ADFS 2016 farm will be dedicated to authenticating this SaaS application. We would also like to turn on MFA on ADFS 2016, and add a new routable authentication endpoint, sso.domain.com, with a new public IP for the ADFS 2016 farm.

    The end goal is that once a user hits https://tenant.SaaSApp.com/, it will redirect them to sso.domain.com and prompt for on-prem AD credentials and MFA.

    Question: Will this configuration work? Do I need to add another AAD Connect?

    Tuesday, January 31, 2017 1:01 AM
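
As an added example (not part of the question or of any reply in this thread), here is how the dedicated ADFS 2016 farm in the scenario above could be configured from PowerShell so that the SaaS relying party receives UPN-based claims and is forced through MFA. The relying-party display name, the vendor metadata URL and the MFA provider name are assumptions; the question itself only gives the SaaS host tenant.SaaSApp.com and the new endpoint sso.domain.com.

```powershell
# Added example, not from the thread. Run on a node of the new ADFS 2016 farm
# (sso.domain.com). Values marked ASSUMED are placeholders the question does
# not supply; take the real ones from the SaaS vendor's SSO setup page.

Import-Module ADFS

$rpName   = "SaaSApp (tenant.SaaSApp.com)"                 # ASSUMED display name
$metadata = "https://tenant.SaaSApp.com/saml/metadata"     # ASSUMED vendor metadata URL

# Claims sent to the SaaS app: look up the UPN in AD and emit it as the SAML
# NameID. The UPN suffix will be one of the three hybrid suffixes
# (domaina.com / domainb.com / domainc.com), so the app must accept all three.
$issuanceRules = @'
@RuleName = "Get UPN from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleName = "UPN as Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
'@

# Step 1: an MFA adapter must be registered and enabled farm-wide before any
# relying party can demand it. List what is registered on this farm first.
Get-AdfsAuthenticationProvider | Select-Object Name, DisplayName

$mfaProvider = "AzureMfaAuthentication"   # ASSUMED; use a Name from the list above
Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider $mfaProvider

# Step 2: create the relying-party trust from the vendor metadata and bind the
# built-in ADFS 2016 access control policy that permits everyone but always
# requires a second factor. Monitoring/auto-update keeps the vendor's signing
# certificate current without manual edits.
if (-not (Get-AdfsRelyingPartyTrust -Name $rpName)) {
    Add-AdfsRelyingPartyTrust -Name $rpName `
        -MetadataUrl $metadata `
        -MonitoringEnabled $true `
        -AutoUpdateEnabled $true `
        -IssuanceTransformRules $issuanceRules `
        -AccessControlPolicyName "Permit everyone and require MFA"
}

# Step 3: verify the result. The trust should show the MFA policy bound and the
# global policy should list the MFA provider.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, Identifier, AccessControlPolicyName, Enabled
(Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider
```

Nothing in this example touches AAD Connect or the existing 2012 R2 farm: a relying-party trust to a third-party SaaS application is configured entirely on the farm that issues its tokens, while AAD Connect only synchronises on-premises identities to Azure AD. The SaaS side must in turn be pointed at the new farm's federation metadata (https://sso.domain.com/FederationMetadata/2007-06/FederationMetadata.xml) so that its login redirect goes to sso.domain.com rather than to sts.domaina.com.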

All replies

  • Nice, Microsoft. I never find an answer in the Microsoft forum. Maybe I am the first person doing this type of configuration.
    Thursday, February 2, 2017 1:34 AM