locked
Two ADFS form in single domain RRS feed

  • Question

  • We would like to have two ADFS form, one for production app and another one for Test app. 

    Can you tell the MS suggestion to have two ADFS form is possible or if any issue occur if we go to 2 ADFS form in single domain environment?


    Thursday, October 12, 2017 3:23 PM

Answers

  • Yes you can deploy two ADFS farms in the same ADDS domain or forest. As long as they have different names and URLs will not interfere with each other.

    However, if you are planning to use the Device Registration Service (to enroll devices) they you can have only one configuration per forest, so your two farms will share that configuration. If you are not planning to use DRS, then no issue at all.

    Also, use a different service account, then you can also test things on the service accounts in your test farm without breaking the production farm.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, October 13, 2017 12:13 AM

All replies

  • Yes you can deploy two ADFS farms in the same ADDS domain or forest. As long as they have different names and URLs will not interfere with each other.

    However, if you are planning to use the Device Registration Service (to enroll devices) they you can have only one configuration per forest, so your two farms will share that configuration. If you are not planning to use DRS, then no issue at all.

    Also, use a different service account, then you can also test things on the service accounts in your test farm without breaking the production farm.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, October 13, 2017 12:13 AM
  • Pierre, what about service accounts? Can I use Manage Service Account group without impacting current Prod Farm? I'm trying to setup a UAT Farm. thanks
    Friday, June 1, 2018 2:28 PM
  • Yes you can use a gMSA for ADFS. Please create a new thread with your entire scenario if you need a more precise answer :)

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    • Proposed as answer by LDAP_Guy Thursday, June 14, 2018 7:44 PM
    Monday, June 11, 2018 1:57 PM