ADFS 2.0 Farm setup

Hello All,

I am planning on setting up an ADFS farm (Federated with Office 365) that will have as members our internal ADFS (Primary ADFS server already in place) and our DR server in the cloud. Both of the servers are Windows Server 2012 Standard.

My purpose is that in case our internet connectivity goes down, our ADFS will fail over to my ADFS DR server located in the cloud and users will still be authenticated in the Office 365 portal.

Can someone help me with this?
0
LuiLui77
Asked:
 
Vasil Michev (MVP) Commented:
You gonna use Azure for that? A good starting point is here:

http://technet.microsoft.com/library/dn509539.aspx
0
 
LuiLui77 (Author) Commented:
Hi Vasilcho, are there other options that I can use besides Azure?
0
 
Vasil Michev (MVP) Commented:
Of course, but you mentioned the cloud, so I assumed Azure. Where are you planning to put it?

The principle is still the same: you need to bring one DC and (optionally now, as new versions don't have such restrictions) another server for the AD FS. You can also plan for DirSync, but that is not really a critical component.

Again, a good overview can be found in the Azure documentation:

http://technet.microsoft.com/en-us/library/dn509536.aspx
0
 
LuiLui77 (Author) Commented:
Hey Vasilcho, I was not counting on the DC. I thought the installation of AD lightweight on the same server where I want to install the secondary ADFS would do.

Can I do this?
0
 
Vasil Michev (MVP) Commented:
Won't you have a DC in the DR site? :)

AD FS 2.0 does NOT support AD LDS as the account store, AD FS 1.0 did.
0
 
LuiLui77 (Author) Commented:
YIKES, ok.

Can I have ADFS 2.0 on a Domain Controller?

What I am thinking about doing is promoting the Cloud Server to be a Domain Controller.

Do you think this setup will work?
0
 
Vasil Michev (MVP) Commented:
AD FS 2.0/2.1? You can, but you shouldn't. It requires IIS to work, and I really doubt you or your security guy will like the idea. You can use RODC instead, but you will need to enable password caching on it for any user that needs to auth to AD FS.

AD FS 3.0, which comes with 2012 R2, runs in the kernel and does not require IIS. You can look at that option too, but then you will probably have to rebuild from scratch.
0
Question has a verified solution.