I am doing a number of ADFS to Azure AD based authentication projects, where authentication is moved to Password Hash Sync + SSO or Pass Through Auth + SSO. Once that part of the project is complete it is time to decommission the ADFS and WAP servers. This guide is for Windows 2012 R2 installations of ADFS. There are guides for the other versions online. This guide assumes you were using ADFS for one relying party trust, that is Office 365, and now that you have moved authentication to Azure AD you do not need to maintain your ADFS and WAP server farms. So first check that these conditions are true.

Login to the primary node in your ADFS farm. If you don’t know which is the primary, try this on any one of them and it will tell you the primary node! Run Get-ADFSSyncProperties and you will either get back a list of properties where LastSyncFromPrimaryComputerName reads the name of the primary computer, or it says PrimaryComputer. If you don’t know all your ADFS Server Farm members then you can use tools such as those found at this blog for querying AD for service account usage, as ADFS is stateless and does not record the servers in the farm directly. There is no list of the WAP servers in the farm – so you need to know these server names already, but looking in the Event Viewer on an ADFS server should show you which WAP servers have connected recently.

On the primary ADFS server run (Get-ADFSProperties).CertificateSharingContainer.
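As an added example (not from the original post), the checks above can be wrapped into one pre-decommission script: it works out whether the current node is the primary, confirms that Office 365 is the only relying party trust left, and records the certificate sharing container. It assumes an elevated PowerShell session on a farm member with the ADFS module, and that the Office 365 trust uses the identifier urn:federation:MicrosoftOnline.

```powershell
# Added example, not the original post's code: pre-decommission sanity check
# for an AD FS 2012 R2 farm. Assumes an elevated session on a farm member,
# run by a user who can read the AD FS configuration.
Import-Module ADFS -ErrorAction Stop

# 1. Which node am I on, and which node is the primary?
$sync = Get-AdfsSyncProperties
if ($sync.Role -eq 'PrimaryComputer') {
    $primary = $env:COMPUTERNAME
    Write-Host "This node ($primary) is the primary AD FS server."
} else {
    $primary = $sync.LastSyncFromPrimaryComputerName
    Write-Host "This node is a secondary; the primary is $primary (last sync status: $($sync.LastSyncStatus))."
}

# 2. Confirm the farm really only serves the Office 365 relying party trust.
#    urn:federation:MicrosoftOnline is the identifier the Office 365 trust uses (assumption).
$trusts = @(Get-AdfsRelyingPartyTrust)
$other  = $trusts | Where-Object { $_.Identifier -notcontains 'urn:federation:MicrosoftOnline' }
if ($other) {
    Write-Warning "Relying party trusts other than Office 365 still exist; do not decommission yet:"
    $other | Select-Object Name, @{ n = 'Identifier'; e = { $_.Identifier -join ', ' } } |
        Format-Table -AutoSize
} else {
    Write-Host "Only the Office 365 relying party trust is configured ($($trusts.Count) trust(s))."
}

# 3. On the primary, record the certificate sharing container for the later cleanup steps.
if ($sync.Role -eq 'PrimaryComputer') {
    $container = (Get-AdfsProperties).CertificateSharingContainer
    Write-Host "CertificateSharingContainer: $container"
    # Keep a copy so the DN is at hand after the farm is gone.
    $container | Out-File -FilePath "$env:TEMP\adfs-cert-sharing-container.txt"
} else {
    Write-Host "Run (Get-AdfsProperties).CertificateSharingContainer on $primary to record the container."
}
```

Run it on each farm member you know about; a secondary node will name the primary for you, and a warning about extra relying party trusts means the assumption this guide relies on does not hold yet.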