Upgrade & move ADFS 3 to ADFS 2016 running in Azure

  • Question

  • Hello All,

    We currently have 2 ADFS 3.0 servers using Windows NLB on-premise with no WAP servers currently to handle SSO for Office 365.  We are looking to move ADFS to Azure based virtual servers running 2 new ADFS 2016 and adding 2 new 2016 WAP servers running in Azure on a DMZ network.  There will be an internal Azure load balancer for the ADFS 2016 servers and an external Azure load balancer for the 2016 WAP servers.   The ADFS 3.0 will be decommissioned after ADFS 2016 is up and tested.  

    The plan is to add the ADFS 2016 servers to the existing 3.0 farm, promote one of the ADFS 2016 servers as primary and then add the new WAP servers.  The WAP servers will have a host entry that will point to the internal Azure load balancer.  The goal is to limit the changes to just an external DNS change and not have to make any additional federation changes or need for new certs or dns names.

    The question is once I add the WAP servers to the ADFS 2016 server will the existing ADFS 3.0 server still accept requests that do not come from the new WAP servers?  What I'd like to make sure is that the legacy ADFS 3.0 infrastructure will still function while I test the new 2016 ADFS/WAP infrastructure before changing our DNS entry to point to the external Azure load balancer for the 2016 WAP servers.  Or able to roll back if the ADFS 2016 system doesn't work.  

    Hopefully this makes sense.

    Thanks in advance,


    Tuesday, April 17, 2018 4:13 PM
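The checks a practitioner would run while the mixed 3.0/2016 farm and the new WAP path coexist, as an added example that is not part of the original post: one function reports each node's sync role and the farm behavior level, the other fetches federation metadata through whatever name resolution the caller has (so a hosts entry pointing the service FQDN at the internal Azure load balancer exercises the new path without touching public DNS) and confirms the entityID is unchanged. The FQDN `sts.example.com`, its entity ID and the cmdlet property names are assumptions, not values from the post.

```powershell
# Added example, not from the original post. Placeholder names: 'sts.example.com'
# and its entity ID. Run Get-FarmRoleReport on each ADFS node (3.0 or 2016);
# run Test-FederationEndpoint from any test client, e.g. the new WAP servers.

function Get-FarmRoleReport {
    # Which node is primary and whether this node's configuration is in sync with it.
    $sync = Get-AdfsSyncProperties
    $report = [ordered]@{
        Node            = $env:COMPUTERNAME
        Role            = $sync.Role                 # PrimaryComputer / SecondaryComputer
        PrimaryComputer = $sync.PrimaryComputerName
        LastSyncStatus  = $sync.LastSyncStatus       # 0 = last pull from primary succeeded
    }
    # Get-AdfsFarmInformation exists only on ADFS 2016+; a 3.0 node simply lacks it.
    if (Get-Command Get-AdfsFarmInformation -ErrorAction SilentlyContinue) {
        $farm = Get-AdfsFarmInformation
        $report.FarmBehaviorLevel = $farm.CurrentFarmBehavior   # 1 = 2012 R2 level (mixed farm)
        $report.FarmNodes         = ($farm.FarmNodes | ForEach-Object { $_.FQDN }) -join ', '
    }
    [pscustomobject]$report
}

function Test-FederationEndpoint {
    param(
        [Parameter(Mandatory)][string]$ServiceFqdn,
        [Parameter(Mandatory)][string]$ExpectedEntityId
    )
    # Resolve via the caller's DNS/hosts file and record which address answered,
    # so the same test distinguishes the legacy NLB path from the new Azure path.
    $resolved = ([System.Net.Dns]::GetHostAddresses($ServiceFqdn) |
                 ForEach-Object { $_.IPAddressToString }) -join ','
    $uri  = "https://$ServiceFqdn/FederationMetadata/2007-06/FederationMetadata.xml"
    $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing
    [xml]$md  = $resp.Content
    $entityId = $md.EntityDescriptor.entityID
    [pscustomobject]@{
        Fqdn       = $ServiceFqdn
        ResolvedTo = $resolved
        HttpStatus = $resp.StatusCode
        EntityId   = $entityId
        Unchanged  = ($entityId -eq $ExpectedEntityId)  # $true means no federation change needed
    }
}

Get-FarmRoleReport | Format-List
Test-FederationEndpoint -ServiceFqdn 'sts.example.com' `
    -ExpectedEntityId 'http://sts.example.com/adfs/services/trust'
```

Run the endpoint test once with the FQDN resolving to the legacy NLB and once with a hosts entry for the internal Azure load balancer; both should return 200 with the same entityID, and the legacy path keeps answering because registering WAP servers does not stop ADFS nodes accepting requests that arrive directly.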

All replies