AD FS Across Differing Domain Functional Levels
My customer needs to implement AD FS single sign-on due to a cloud-based email solution being implemented. The problem is, the domain controllers are Server 2003 (non-R2) at a functional level of 2003 mixed mode. I should be able to raise it to 2003 native if necessary, however. The solution is to create a new 2008 domain, implement a two-way trust, and run AD FS in the new domain serving clients in the 2003 domain. This way should be quicker than upgrading the current domain, which would be a rather large project due to its size and complexity.
Are there any gotchas I should know about doing it this way? I have verified that I can create a two-way trust between domains of these functional levels, and that AD FS can service clients in a trusted domain, but I'm not entirely sure if AD FS cares whether the trusted domain is 2003 non-R2. Can anyone confirm if this is a feasible scenario?
thanks much!!
wraith
It depends on the version of AD FS you're using. For Windows Server 2012 R2: http://technet.microsoft.com/en-us/library/dn486819.aspx
<snip>
AD FS requirements in Windows Server 2012 R2: In order to migrate your AD FS farm to Windows Server 2012 R2, you must meet the following requirements:
For AD FS to function, each computer that you want to be a federation server must be joined to a domain.
For AD FS running on Windows Server 2012 R2 to function, your Active Directory domain must run any of the following:
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
- Windows Server 2008
If you plan to use a group Managed Service Account (gMSA) as the service account for AD FS, you must have at least one domain controller in your environment running on the Windows Server 2012 or Windows Server 2012 R2 operating system.
If you plan to deploy the Device Registration Service (DRS) for AD Workplace Join as part of your AD FS deployment, the AD DS schema needs to be updated to the Windows Server 2012 R2 level.
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services blog
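A pre-flight check for the requirements quoted in the answer above, written as an added example (not code from the thread or from Microsoft's documentation). It assumes the RSAT ActiveDirectory PowerShell module is available on the machine it runs from, that the account can read the target domain, and that the schema objectVersion value 69 corresponds to the Windows Server 2012 R2 schema level; the $DomainName parameter is a placeholder for the domain that will host AD FS.

```powershell
# Added example: check the AD FS 2012 R2 prerequisites quoted in the answer
# (domain functional level, DC operating systems for gMSA, schema level for DRS)
# and list the trusts to the domain whose users AD FS will serve.
param([string]$DomainName = $env:USERDNSDOMAIN)   # assumed placeholder: domain that will host AD FS
Import-Module ActiveDirectory

$domain = Get-ADDomain -Identity $DomainName
$dcs    = Get-ADDomainController -Filter * -Server $DomainName

# 1. Domain functional level must be Windows Server 2008 or later.
$minMode = [int][Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2008Domain
$levelOk = [int]$domain.DomainMode -ge $minMode
"Domain functional level: $($domain.DomainMode) -> " +
    $(if ($levelOk) { 'OK for AD FS 2012 R2' } else { 'TOO LOW: raise to at least Windows Server 2008' })

# 2. Show every DC's OS; a gMSA service account needs at least one 2012 / 2012 R2 DC.
$dcs | Select-Object HostName, OperatingSystem, IsGlobalCatalog | Format-Table -AutoSize
$has2012Dc = $dcs | Where-Object { $_.OperatingSystem -match 'Server 2012' }
"gMSA service account possible: " +
    $(if ($has2012Dc) { 'yes (2012/2012 R2 DC present)' } else { 'no - no Windows Server 2012 DC found' })

# 3. Schema level: objectVersion 69 = Windows Server 2012 R2 (assumed mapping), needed for DRS / Workplace Join.
$schemaNC  = (Get-ADRootDSE -Server $DomainName).schemaNamingContext
$schemaVer = (Get-ADObject -Identity $schemaNC -Server $DomainName -Properties objectVersion).objectVersion
"Schema objectVersion: $schemaVer -> " +
    $(if ($schemaVer -ge 69) { '2012 R2 level, DRS possible' } else { 'below 2012 R2; DRS requires a schema update' })

# 4. Trusts from the AD FS domain (e.g. the two-way trust to the 2003 domain described in the question).
Get-ADTrust -Filter * -Server $DomainName |
    Select-Object Name, Direction, TrustType, ForestTransitive, SelectiveAuthentication |
    Format-Table -AutoSize
```

Run it against the new domain before installing AD FS; the trust listing only tells you the trust exists, not that AD FS can resolve users in it, so still test a sign-in from a user in the 2003 domain.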