Work Folders External Setup (ADFS & WAP)

sa_experts_exchange
My Setup: All Virtual

Server1 - WS2019 - Fileserver on .local domain with work folders and IIS setup with wildcard cert.
Server2 - WS2016 - Domain Controller .local private domain with zone created for our external domain .com
Server3 - WS2019 - not domain joined server

I have Work Folders working internally, however I am limited on the amount of virtual cores so my questions are...

If I set up WAP & ADFS

1: Can I install ADFS on the domain controller? I don't have enough specs to create a new server for just ADFS. I want to be able to install ADFS on the DC.

2: WAP instructions state the server must have 2 NIC cards, external and internal. Can I just use one NIC with DNS entries for external and internal?

Commented:
1. I wouldn't call it best practice, but yes, ADFS can be installed on a DC.

2. I don't have specific experience with Work Folders, so I'm not sure if there's a specific need due to that, but I would think not. I can say that it is not needed using ADFS to support other scenarios (like federated authentication to Office 365). It should be easy enough for you to test, however. Put the WAP in a DMZ with a single NIC (with an IP in the DMZ subnet). Your firewall should route/NAT from the public IP for "fs.example.com" (or whatever name you use) to the WAP. On the WAP, edit your HOSTS file so that fs.example.com points to the IP of the internal ADFS.
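
The single-NIC test described in the answer above, as an added example that is not part of the original thread: a PowerShell check to run on the WAP server that adds the HOSTS entry and confirms the WAP can reach the internal ADFS by name over TLS. The address `10.0.0.10` is a constructed placeholder for the internal ADFS IP, and `fs.example.com` is the sample name from the answer.

```powershell
# Added example; run in an elevated PowerShell session on the WAP server.
# Assumptions: 10.0.0.10 is a constructed placeholder for the internal ADFS IP;
# fs.example.com is the sample federation service name used in the answer.
$FsName = 'fs.example.com'
$AdfsIp = '10.0.0.10'
$Hosts  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# 1. Add the HOSTS entry only if no active (uncommented) line already maps the name.
$pattern  = '^\s*[^#\s]+\s+([^#]*\s)?' + [regex]::Escape($FsName) + '(\s|#|$)'
$existing = Get-Content -Path $Hosts | Where-Object { $_ -match $pattern }
if ($existing) {
    Write-Host "Existing entry for ${FsName}: $existing"
} else {
    # Leading newline guards against a HOSTS file that lacks a trailing newline.
    Add-Content -Path $Hosts -Value "`r`n$AdfsIp`t$FsName"
    Write-Host "Added: $AdfsIp $FsName"
}

# 2. Confirm the system resolver (which consults HOSTS) returns the internal IP,
#    not the public address published in external DNS.
Clear-DnsClientCache
$resolved = [System.Net.Dns]::GetHostAddresses($FsName) |
    ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $AdfsIp) {
    throw "$FsName resolves to '$($resolved -join ', ')', expected $AdfsIp"
}

# 3. Confirm the DMZ-to-internal firewall rule allows TCP 443 to the ADFS server.
$tcp = Test-NetConnection -ComputerName $FsName -Port 443
if (-not $tcp.TcpTestSucceeded) {
    throw "TCP 443 to $FsName ($AdfsIp) is blocked or ADFS is not listening"
}

# 4. Complete a TLS handshake by name. AuthenticateAsClient throws if this
#    server does not trust the certificate or the name does not match it.
$client = New-Object System.Net.Sockets.TcpClient($FsName, 443)
try {
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
    $ssl.AuthenticateAsClient($FsName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    '{0} (expires {1:yyyy-MM-dd})' -f $cert.Subject, $cert.NotAfter
} finally {
    $client.Dispose()
}
```

A failure at step 2 or 3 points at the HOSTS entry or the internal firewall rule; a failure at step 4 points at certificate trust or naming on the ADFS side.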
