
ADFS v 3.0 (2012 R2) Migration to ADFS 4.0 (2016) Part 1

[Category: System (Windows) | Posted by 店小二05 | 2017 | Author 红领巾]
Introduction

With the release of Windows Server 2016, Microsoft introduced a number of new and improved features. One of them is ADFS 4.0, better known as ADFS 2016.

Organizations have already started adopting ADFS 2016 because it covers most of their requirements, especially in terms of security.

In this series of blog posts I will demonstrate how to upgrade from ADFS v 3.0 (running on Windows Server 2012 R2) to ADFS 2016. Later posts in the series will also cover the Web Application Proxy (WAP) migration from Windows Server 2012 R2 to Windows Server 2016, and the integration of Azure MFA with the new ADFS 2016.

The posts in this series assume you are familiar with Windows Server, AD, ADFS, WAP and MFA. They will not go into detailed step-by-step installation of roles and features. They also assume you already have a running environment with AD, ADFS/WAP (2012 R2) and AAD Connect configured.

What’s New in ADFS 2016?

ADFS 2016 offers new and improved features, including:

- Eliminate passwords from the extranet
- Sign in with Azure Multi-Factor Authentication
- Password-less access from compliant devices
- Sign in with Microsoft Passport
- Secure access to applications
- Better sign-in experience
- Manageability and operational enhancements

For a detailed description of the points above, please refer to this link.

Current environment:

- 2x ADFS v3 servers (behind an internal load balancer)
- 2x WAP 2012 R2 servers (behind an external load balancer)
- 2x AD 2012 R2 servers
- 1x AAD Connect server

At a high level, this is how the ADFS/WAP environment looks:

[Diagram: high-level ADFS/WAP environment]

Future environment:

- 2x ADFS 2016 servers (behind the same internal load balancer)
- 2x WAP 2016 servers (behind the same external load balancer)
- 2x AD 2012 R2 servers
- 1x AAD Connect server

Planning for your ADFS and WAP Migration

First, make sure that your applications support ADFS 2016; some legacy applications may not.

The migration steps, at a high level, are as follows:

1. Update the Active Directory schema using ADPrep from the Windows Server 2016 installation media.
2. Build Windows Server 2016 servers with the ADFS role, join them to the existing farm, and add them to the Azure internal load balancer.
3. Promote one of the ADFS 2016 servers to "primary" of the farm, and point all other (secondary) servers at the new primary.
4. Build Windows Server 2016 servers with the WAP role and add them to the Azure external load balancer.
5. Remove the WAP 2012 R2 servers from the external load balancer.
6. Remove the ADFS v3 servers from the internal load balancer.
7. Raise the Farm Behavior Level (FBL) to 2016.
8. Remove the WAP 2012 R2 servers from the WAP cluster.
9. Upgrade the WebApplicationProxyConfiguration version to 2016.
10. Configure ADFS 2016 to support Azure MFA and complete the remaining configuration.

Two caveats on the ordering: raising the FBL is a one-way operation and will refuse to run while any 2012 R2 node is still a member of the farm, so the old ADFS servers must be removed from the farm (not just from the load balancer) before step 7; and the WAP configuration upgrade in step 9 requires the farm to already be at FBL 2016.
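The PowerShell below is an added example that walks through steps 2, 3, 4, 7 and 9 of the list above; it is not code from the original post. It assumes a WID-based farm, a gMSA service account `CONTOSO\gmsa-adfs$`, the existing 2012 R2 primary `adfs01.contoso.com`, new 2016 nodes `adfs03`/`adfs04`, new WAP nodes `wap03`/`wap04`, the federation service name `sts.contoso.com`, and that the service certificate is already imported on every new server. All of those names are assumptions; each section is run on the server named in the comment above it.

```powershell
# Added example (not from the original post). Names below are assumptions.

# --- On each new ADFS 2016 server (adfs03, adfs04): join the existing 2012 R2 farm ---
Install-WindowsFeature ADFS-Federation -IncludeManagementTools
# The same service certificate and the same service account as the existing farm must be used.
$thumb = (Get-ChildItem Cert:\LocalMachine\My |
          Where-Object Subject -like '*sts.contoso.com*' |
          Select-Object -First 1).Thumbprint
Add-AdfsFarmNode -PrimaryComputerName 'adfs01.contoso.com' `
                 -CertificateThumbprint $thumb `
                 -GroupServiceAccountIdentifier 'CONTOSO\gmsa-adfs$'

# --- On adfs03 (2016): take over the primary role of the WID farm ---
Set-AdfsSyncProperties -Role PrimaryComputer

# --- On every other farm node (adfs01, adfs02, adfs04): point at the new primary ---
Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName 'adfs03.contoso.com'
# Confirm Role, PrimaryComputerName and that the last sync succeeded.
Get-AdfsSyncProperties

# --- On each new WAP 2016 server (wap03, wap04) ---
Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools
Install-WebApplicationProxy -CertificateThumbprint $thumb `
    -FederationServiceName 'sts.contoso.com' `
    -FederationServiceTrustCredential (Get-Credential -Message 'ADFS admin account')

# --- On the new primary (adfs03), after the 2012 R2 ADFS nodes have been taken out of
#     the load balancer and removed from the farm ---
# CurrentFarmBehavior 1 = Windows Server 2012 R2, 3 = Windows Server 2016.
Get-AdfsFarmInformation | Select-Object CurrentFarmBehavior, FarmNodes
# The test reports anything that would block the raise (for example a remaining 2012 R2 node).
Test-AdfsFarmBehaviorLevelRaise
Invoke-AdfsFarmBehaviorLevelRaise
if ((Get-AdfsFarmInformation).CurrentFarmBehavior -ne 3) {
    throw 'Farm Behavior Level was not raised to 2016; do not continue with the WAP upgrade.'
}

# --- On each WAP 2016 server, only once the farm is at FBL 2016 ---
Set-WebApplicationProxyConfiguration -UpgradeConfigurationVersion
# Should now report the Windows Server 2016 configuration version.
(Get-WebApplicationProxyConfiguration).ConfigurationVersion
```

The check on `CurrentFarmBehavior` before the WAP step is deliberate: `Set-WebApplicationProxyConfiguration -UpgradeConfigurationVersion` depends on the farm already being at the 2016 level, and `Invoke-AdfsFarmBehaviorLevelRaise` cannot be undone, so verify the farm state rather than assume it.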

The steps for the AD schema upgrade are as follows:

- Before starting, Active Directory must be in a healthy state; in particular, replication must be completing without errors.
- Back up Active Directory. At a minimum, back up a few domain controllers including the system state.
- Identify which domain controller holds the Schema Master role.
- Perform the update with an administrative account, temporarily adding it to the Schema Admins group. Note that adprep /forestprep requires membership of both Schema Admins and Enterprise Admins, and adprep /domainprep requires Domain Admins; the new memberships only take effect after a fresh logon, and should be removed again once the update is done.
- Download the Windows Server 2016 installation media and have it handy.
- When ready to update the schema, open an elevated command prompt, navigate to the support\adprep directory on the Windows Server 2016 installation media, and run: adprep /forestprep. Once that completes, run: adprep /domainprep (in every domain of the forest, if there is more than one).

Upgrading the Active Directory schema does not change the behaviour of your current environment, nor does it raise the domain or forest functional level. It is, however, not reversible: a schema extension cannot be rolled back short of a forest recovery from backup, which is why the backup step above is not optional.
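The following PowerShell is an added example of the schema-upgrade procedure above, not code from the original post. It assumes the ADDS RSAT module is installed on an elevated, domain-joined management host, that the Windows Server 2016 media is mounted as D: and that E: is a valid backup target (both assumptions), and that the operator account is already a Domain Admin in the forest root domain.

```powershell
# Added example (not from the original post). D: (media) and E: (backup target) are assumptions.

# 1. Replication must be clean before the schema is touched. List any partner with failures.
repadmin /replsummary
$failures = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($failures) {
    $failures | Format-Table 'Source DSA', 'Destination DSA', 'Last Failure Status'
    throw 'Fix replication before running adprep.'
}

# 2. Record the schema master and the current schema and functional levels.
#    objectVersion 69 = Windows Server 2012 R2 schema, 87 = Windows Server 2016 schema.
$forest       = Get-ADForest
$schemaMaster = $forest.SchemaMaster
$schemaNC     = (Get-ADRootDSE -Server $schemaMaster).schemaNamingContext
$before       = (Get-ADObject -Identity $schemaNC -Server $schemaMaster -Properties objectVersion).objectVersion
"Schema master: $schemaMaster  schema objectVersion: $before  forest mode: $($forest.ForestMode)"

# 3. System state backup of the schema master (the schema change cannot be rolled back).
Invoke-Command -ComputerName $schemaMaster -ScriptBlock {
    wbadmin start systemstatebackup -backupTarget:E: -quiet
}

# 4. Temporarily grant the memberships adprep needs:
#    /forestprep needs Schema Admins + Enterprise Admins, /domainprep needs Domain Admins.
$me = $env:USERNAME
Add-ADGroupMember -Identity 'Schema Admins'     -Members $me
Add-ADGroupMember -Identity 'Enterprise Admins' -Members $me
# Group membership is evaluated at logon: open a new elevated session (log off and on)
# before continuing, otherwise adprep will fail with access denied.

# 5. Extend the schema (forest-wide, once), then prepare each domain.
#    Windows Server 2016 adprep locates the schema master itself; it prompts before continuing.
D:\support\adprep\adprep.exe /forestprep
D:\support\adprep\adprep.exe /domainprep
# In a multi-domain forest, run /domainprep once per domain (listed in $forest.Domains).

# 6. Verify the new schema version, confirm the functional levels are unchanged,
#    then take the elevated memberships away again (least privilege).
$after = (Get-ADObject -Identity $schemaNC -Server $schemaMaster -Properties objectVersion).objectVersion
if ($after -ne 87) { throw "Expected schema objectVersion 87 after forestprep, got $after" }
"Forest mode after adprep: $((Get-ADForest).ForestMode)  domain mode: $((Get-ADDomain).DomainMode)"
Remove-ADGroupMember -Identity 'Schema Admins'     -Members $me -Confirm:$false
Remove-ADGroupMember -Identity 'Enterprise Admins' -Members $me -Confirm:$false
```

The script reads `objectVersion` from the schema naming context on the schema master specifically, rather than from whichever DC answers, so that the check is not fooled by replication lag; the functional-level lines before and after are there to show that adprep leaves them untouched.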

Part 2 of this series will be published on Monday 23rd of January, so please come back then for the detailed migration process.

Source: http://www.codesec.net/view/530562.html