Is the update metadata script still required for auto certificate renewal in ADFS 3.0?

  • Question

  • Hi,
    We've got several customers for which we're using ADFS 3.0.
    In all cases we configure autorenewal for the federation certificates.

    This article confirms no actions need to be taken when the requirements are met:
     • The AD FS property AutoCertificateRollover must be set to True
     • The AD FS federation metadata is publicly accessible.

    However, it takes some time before the metadata gets updated after this auto renewal takes place.

    This script available on TechNet is used to update this metadata, but it's not clear whether this still needs to be used or not.

    https://gallery.technet.microsoft.com/scriptcenter/Office-365-Federation-27410bdc/view/Discussions

    In other words, if we don't enable the task, will this cause downtime for a while until the metadata is updated automatically, or not?
    Wednesday, April 26, 2017 9:05 AM