Migrating from AD FS 1.x to AD FS 2.0

Applies To: Active Directory Federation Services (AD FS) 2.0

Migrating from AD FS 1.x to AD FS 2.0

Before any migration procedures or preparations begin, the following conditions are assumed:

• The source server where you will be migrating settings from is a functioning federation server in an existing Active Directory Federation Services (AD FS) 1.x Federation Service.

• The destination server has Windows Server 2008 or Windows Server 2008 R2 installed. It has also been added to the network as a member server with a unique (static) IP address and server name.

• When the migration of settings from the AD FS 1.x federation server to the AD FS 2.0 federation server is complete, the AD FS 2.0 federation server begins performing the functions of the AD FS 1.x federation server. The AD FS 1.x federation server is then retired and removed from the network, or it remains as an additional federation server.

Overview of the migration process

When you perform a migration, you complete the following tasks:

• Plan the migration. See Planning a Migration to AD FS 2.0.

• Prepare a new destination server for the AD FS 2.0 federation server role, and export and import certificates. For more information, see Checklist: Preparing a New AD FS 2.0 Federation Server for Migration.

• Before migration begins, collect settings from the AD FS 1.x Federation Service. This section provides several tables that you can use to collect this data, along with pointers for migrating the various Federation Service settings. This includes the following AD FS 1.x-to-AD FS 2.0 equivalent settings:

  • AD FS 1.x account partner trusts to AD FS 2.0 claims provider trusts

  • AD FS 1.x resource partner trusts to AD FS 2.0 relying party trusts

  • AD FS 1.x application to AD FS 2.0 relying party trusts

  • AD FS 1.x claim mappings to AD FS 2.0 claim rules

For more information, see Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0.