ADFS version compatibility

  • Question

  • Looking to roll out ADFS 3.0 on dedicated VMs (2 x core ADFS servers and 2 x Web Application Proxy servers), so these dedicated VMs will be running Windows Server 2012 R2. However the domain hosting the apps comprises domain controllers running Windows Server 2008 R2 (with a FFL/DFL of 2008 R2 as well).

    Unfortunately, while it's easy to find what version of OS you need to install ADFS 3.0, info on cross-compatibility is not so clear. Basically, can I deploy dedicated ADFS 3.0 infrastructure into a Windows Server 2008 R2 domain or do the domain controllers also need to be running 2012 R2? (I appreciate the Web Application Proxy servers do not need to be domain-joined, but that the core ADFS servers can be).

    Thanks in advance.


    • Edited by Rob.UK Wednesday, February 14, 2018 10:19 AM
    Wednesday, February 14, 2018 10:18 AM

Answers

  • https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/design/ad-fs-requirements#BKMK_4

    AD FS Requirements

    Applies To: Windows Server 2012 R2

    AD DS requirements

    Domain controller requirements

    Domain controllers in all user domains and the domain to which the AD FS servers are joined must be running Windows Server 2008 or later.

    Domain functional-level requirements

    All user account domains and the domain to which the AD FS servers are joined must be operating at the domain functional level of Windows Server 2003 or higher.

    Most AD FS features do not require AD DS functional-level modifications to operate successfully. However, Windows Server 2008 domain functional level or higher is required for client certificate authentication to operate successfully if the certificate is explicitly mapped to a user's account in AD DS.



    • Edited by Steven_1990 Wednesday, February 14, 2018 6:09 PM
    • Proposed as answer by Steven_1990 Wednesday, February 14, 2018 6:09 PM
    • Marked as answer by Rob.UK Thursday, February 15, 2018 10:47 PM
    Wednesday, February 14, 2018 6:08 PM
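
The requirements quoted in the answer above can be checked mechanically before deployment. The following is an added example, not part of the original thread or Microsoft's documentation: `Test-AdfsAdDsRequirement` is a hypothetical helper name, the sample host names are constructed, and it evaluates one domain at a time, so run it for every user account domain and for the domain the AD FS servers join.

```powershell
# Added example: evaluates the AD DS requirements quoted above for one domain.
# Test-AdfsAdDsRequirement is a hypothetical helper, not a Microsoft cmdlet.
function Test-AdfsAdDsRequirement {
    param(
        [Parameter(Mandatory)] [object[]] $DomainController,  # needs HostName, OperatingSystemVersion
        [Parameter(Mandatory)] [string]   $DomainMode         # e.g. 'Windows2008R2Domain'
    )
    # Domain functional levels in ascending order, as named by Get-ADDomain.
    $levels = 'Windows2000Domain', 'Windows2003InterimDomain', 'Windows2003Domain',
              'Windows2008Domain', 'Windows2008R2Domain', 'Windows2012Domain',
              'Windows2012R2Domain', 'Windows2016Domain'
    $rank = [array]::IndexOf($levels, $DomainMode)
    if ($rank -lt 0) { throw "Unrecognised domain mode '$DomainMode'" }

    # Windows Server 2008 reports NT version 6.0; a lower version fails the DC requirement.
    $minDcVersion = [version]'6.0'
    $tooOld = @(foreach ($dc in $DomainController) {
        if ($dc.OperatingSystemVersion -notmatch '^(\d+\.\d+)') {
            throw "Cannot parse OS version for $($dc.HostName)"
        }
        if ([version]$Matches[1] -lt $minDcVersion) { $dc.HostName }
    })

    [pscustomobject]@{
        DomainControllersOk    = $tooOld.Count -eq 0
        DomainControllersBelow = $tooOld
        # Windows Server 2003 DFL or higher is required in all cases.
        DomainLevelOk          = $rank -ge [array]::IndexOf($levels, 'Windows2003Domain')
        # Windows Server 2008 DFL or higher is needed only for client certificate
        # authentication with certificates explicitly mapped to user accounts.
        MappedClientCertAuthOk = $rank -ge [array]::IndexOf($levels, 'Windows2008Domain')
    }
}

# Constructed sample matching the question: two 2008 R2 DCs at 2008 R2 DFL.
$sampleDcs = @(
    [pscustomobject]@{ HostName = 'dc01.example.test'; OperatingSystemVersion = '6.1 (7601)' }
    [pscustomobject]@{ HostName = 'dc02.example.test'; OperatingSystemVersion = '6.1 (7601)' }
)
Test-AdfsAdDsRequirement -DomainController $sampleDcs -DomainMode 'Windows2008R2Domain'

# Against a live domain (requires the ActiveDirectory module):
# Test-AdfsAdDsRequirement -DomainController (Get-ADDomainController -Filter *) `
#     -DomainMode (Get-ADDomain).DomainMode
```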

All replies

  • Many thanks!
    Thursday, February 15, 2018 10:48 PM