erik_r asked:

AD FS with public domain name SSL certificate on private domain

Hello.  My Active Directory domain name is private.com.  My email domain is public.com which is used with O365 and a public facing website.

I'm setting up AD FS (at the moment NOT for O365) and purchased a wildcard SSL cert for *.public.com.  My mind kind of went blank on this one since I see the email (public) domain on a daily basis.

Now, the name of my AD FS farm is adfs.public.com.  I would like to use this name and it auto-populated because the SSL cert I installed on this server is *.public.com.

The name of the server running AD FS is adfs-1.private.com. I read that a CNAME record should be created for adfs.public.com to point to adfs-1.private.com. Is this correct? If so, how would you deal with adding more than one AD FS server to the farm?

I don't know how to make adfs.public.com work for internal users in the DNS forward lookup zone for private.com.  Now, I can create another forward lookup zone named adfs.public.com (the subdomain name of adfs in front of private.com should alleviate any DNS issues with internal users browsing to public.com websites and such) and create a host entry to adfs-1.private.com.  It won't let me create a CNAME record to another forward lookup zone.

At the moment I'm only concerned with internal name resolution.

Either I am over complicating this or my approach is way off base and too simple.

Thank you.
Topics: DNS Zone, Active Directory Federation Services (ADFS), DNS, adfs
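As an added example (not the poster's commands), the split-DNS approach described above, written as PowerShell against the internal Windows DNS server: a separate AD-integrated zone containing only adfs.public.com, whose apex gets one A record per farm member instead of a CNAME, because a zone apex already holds SOA/NS records and cannot be a CNAME. The second node name and all IP addresses are constructed placeholders.

```powershell
# Added example, not the poster's own commands. Run on an internal DNS server
# (or with the DnsServer RSAT module) as a DNS admin. All IPs are constructed.
$FarmName  = 'adfs.public.com'               # farm name covered by the *.public.com cert
$FarmNodes = @{                              # constructed placeholder hosts/IPs
    'adfs-1.private.com' = '10.0.0.21'
    'adfs-2.private.com' = '10.0.0.22'       # a second farm member, if one is added
}

# 1. A zone for the AD FS name only, so every other public.com name
#    (website, mail) keeps resolving through the normal forwarders.
if (-not (Get-DnsServerZone -Name $FarmName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $FarmName -ReplicationScope 'Forest'
}

# 2. The apex ('@') cannot be a CNAME, so publish an A record per node instead of
#    a CNAME to adfs-1.private.com. With several nodes clients round-robin across
#    the records; a load-balancer VIP as the single A record is the usual alternative.
foreach ($node in $FarmNodes.GetEnumerator()) {
    $present = Get-DnsServerResourceRecord -ZoneName $FarmName -Name '@' -RRType 'A' `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $node.Value }
    if (-not $present) {
        Add-DnsServerResourceRecordA -ZoneName $FarmName -Name '@' `
            -IPv4Address $node.Value -TimeToLive '00:05:00'
    }
}

# 3. Checks: from an internal client the farm name must resolve to the node IPs,
#    and on the AD FS server the installed certificate subject must cover that name.
Resolve-DnsName -Name $FarmName -Type A | Format-Table Name, IPAddress
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*.public.com*' } |
    Format-Table Subject, NotAfter, Thumbprint
```

The certificate check in step 3 is meant to be run on the AD FS server itself, since that is where the wildcard certificate is installed.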

Last comment: 8/22/2022 (Mon)