locked
ADFS2 & ADFS4 Interoperatibility AD Requirements RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi, 

    We currently have an ADFS 2 deployment in a Windows Server 2008 R2 Forest/Domain Functional Level.

    There's a need to replace the existing ADFS2 with ADFS4.

    Once we start building parallel ADFS4 servers on Windows Server 2016 OS in the existing environment, do we need to raise the AD Schema as well to Active Directory 2016 schema (minimum version 85) ?

    We want to build a parallel ADFS4 in the existing ADFS2 environment first, migrate off to ADFS4 and then finally decommission ADFS2 from the environment.

    Cheers

    HA

    HA

    Thursday, October 12, 2017 4:12 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    You will need the ADDS 2012 R2 schema if you plan to use the Device Registration service.

    You will need the ADDS 2016 schema if you want to upgrade the farm behavior level to 2016.

    But until you reach one of these two points, you can stay with a ADDS 2008 R2 schema.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, October 13, 2017 12:15 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks Pierre.

    So in a nutshell, until we have the ADFS FB level set to 2016, we won't be able to achieve all the features of ADFS 4.

    If we install ADFS4 in our existing ADFS2 farm, is there a possibility of any other issues/considerations ?

    Cheers

    HA

    HA

    Friday, October 13, 2017 2:40 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    "So in a nutshell, until we have the ADFS FB level set to 2016, we won't be able to achieve all the features of ADFS 4." > Correct

    You cannot have a mixed farm composed of ADFS 2016 and ADFS 2. The mixed mode is only between ADFS 2012 R2 and ADFS 2016. In your case, if you want to upgrade your farm, you need to run the export/import scripts like documented here: https://docs.microsoft.com/en-ca/windows-server/identity/ad-fs/deployment/migrate-ad-fs-service-role-to-windows-server-r2 (the scripts still exist with ADFS 2016).

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Friday, October 13, 2017 2:16 PM