Questions about ADFS (2016) and Office 365

  • Question

  • Hi, I am preparing my infrastructure for migrating Office 365 from user/password sync to ADFS. I am almost done, but I have a few questions that need clarification before making the final steps.

    1. Is it completely necessary to have the WAP server? Because I still have a Forefront TMG server (single NIC) for publishing servers, and that TMG is behind a Web Application Firewall from Fortinet. I created a publishing rule and can access and authenticate correctly from the internet and within the same LAN to the ADFS server (e.g. https://adfs.mycompany.com/adfs/ls/idpinitiaedsignon.htm)

    2. If I have multiple domains configured on my tenant with a single Azure AD sync tool, e.g. (domain1.com and domain2.com), and I have an AD trust between those domains, do I have to set up an ADFS server for each domain?

    3. I have a bunch of subdomains of domain1.com, for example staff.domain1.com, students.domain1.com, services.domain1.com. Do I have to federate each subdomain or only the parent domain?

    4. Once I make the change, what will happen to email clients (desktop and mobile apps)? Will everybody have to recreate the accounts or re-enter their credentials, or will that be transparent for them?

    5. Same question as above with other apps like Skype for Business, OneDrive, etc.

    6. Once I make the change (Federating my domains) can I go back if something goes wrong?


    Thank you!!



    Thursday, January 24, 2019 5:02 PM

Answers

  • Well, I kept working on it, so now I have everything up and running. I'll answer my questions just in case anyone else needs it:

    1. Is it completely necessary to have the WAP server? Because I still have a Forefront TMG server (single NIC) for publishing servers, and that TMG is behind a Web Application Firewall from Fortinet. I created a publishing rule and can access and authenticate correctly from the internet and within the same LAN to the ADFS server (e.g. https://adfs.mycompany.com/adfs/ls/idpinitiaedsignon.htm)

    No, it's not completely necessary. I have Facebook Workplace and Office 365 services with ADFS just with the ADFS server, Microsoft Forefront TMG and a WAP, so I guess with any reverse proxy or load balancing server like Kemp, for example, it can be done without the WAP server.

    2. If I have multiple domains configured on my tenant with a single Azure AD sync tool, e.g. (domain1.com and domain2.com), and I have an AD trust between those domains, do I have to set up an ADFS server for each domain?

    No, you just need to have the UPN suffixes added in Active Directory Domains and Trusts.

    3. I have a bunch of subdomains of domain1.com, for example staff.domain1.com, students.domain1.com, services.domain1.com. Do I have to federate each subdomain or only the parent domain?

    Yes, you have to federate each domain.

    4. Once I make the change, what will happen to email clients (desktop and mobile apps)? Will everybody have to recreate the accounts or re-enter their credentials, or will that be transparent for them?

    In my case nothing else had to be done; every service kept working without any issue.

    5. Same question as above with other apps like Skype for Business, OneDrive, etc.

    In my case nothing else had to be done; every service kept working without any issue.

    6. Once I make the change (federating my domains), can I go back if something goes wrong?

    Yes, it can be done. I haven't tried it yet, but there is a lot of info on how to do it.

    • Marked as answer by Gustavo Puente Wednesday, January 30, 2019 5:32 PM
    Wednesday, January 30, 2019 5:32 PM
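An added example (not from the thread above) that covers points 2, 3 and 6 of the answer: it audits every verified domain in the tenant, shows whether it is Managed or Federated, and for federated domains checks that the passive sign-on endpoint actually points at the expected ADFS farm, which is the quickest way to confirm that each subdomain was federated and that nothing is pointing at a stale host. It assumes the MSOnline PowerShell module (the tooling of the 2019 era), tenant admin rights, and uses adfs.mycompany.com from the question as a placeholder farm name; the rollback cmdlet for point 6 is shown commented out.

```powershell
# Added example; assumes the MSOnline module and a Global Administrator account.
Import-Module MSOnline
Connect-MsolService   # interactive sign-in to the tenant

# Assumption: replace with the FQDN of your own federation service.
$ExpectedFederationHost = 'adfs.mycompany.com'

function Get-FederationAudit {
    param([Parameter(Mandatory)][string]$ExpectedHost)

    # Only verified domains can be federated; unverified ones are skipped.
    foreach ($d in Get-MsolDomain | Where-Object { $_.Status -eq 'Verified' }) {
        $row = [ordered]@{
            Domain          = $d.Name
            Authentication  = $d.Authentication   # 'Managed' or 'Federated'
            PassiveLogOnUri = $null
            PointsAtFarm    = $null
        }
        if ($d.Authentication -eq 'Federated') {
            # Federation settings hold the endpoints the cloud redirects users to.
            $fs = Get-MsolDomainFederationSettings -DomainName $d.Name
            $row.PassiveLogOnUri = $fs.PassiveLogOnUri
            # A subdomain that was federated against another farm, or a domain
            # left pointing at a decommissioned host, shows up here as $false.
            $row.PointsAtFarm = ([uri]$fs.PassiveLogOnUri).Host -eq $ExpectedHost
        }
        [pscustomobject]$row
    }
}

Get-FederationAudit -ExpectedHost $ExpectedFederationHost | Format-Table -AutoSize

# Rollback for point 6 (run per domain, typically from the ADFS server so the
# Office 365 relying party trust is removed as well). Users get temporary
# passwords written to the file given, so protect and then delete that file.
# Convert-MsolDomainToStandard -DomainName 'domain1.com' -SkipUserConversion $false -PasswordFile 'C:\Temp\domain1-temp-passwords.txt'
```

Each subdomain listed in point 3 should appear as its own row with Authentication = Federated and PointsAtFarm = True once the migration is complete.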