将 Active Directory 联合身份验证服务角色服务迁移到 Windows Server 2012

适用于： Windows Server 2008,Windows Server 2008 R2,Windows Server 2012

<_caps3a_sxs _xmlns3a_caps="https://schemas.microsoft.com/build/caps/2013/11"><_caps3a_sxstarget locale="zh-CN">关于本指南本指南提供如何将以下角色服务迁移到随 Windows Server 2012 一起安装的 Active Directory 联合身份验证服务 (AD FS) 的说明：随 Windows Server 2008 或 Windows Server 2008 R2 一起安装的 AD FS 1.1 基于 Windows 令牌的代理和 AD FS 1.1 声明感知代理在 Windows Server 2008 或 Windows Server 2008 R2 上安装的 AD FS 2.0 联合服务器和 AD FS 2.0 联合服务器代理目标受众负责整个组织中的计算机管理和安全的 IT 架构师负责网络、服务器、客户端计算机、操作系统或应用程序的日常管理和故障排除的 IT 操作工程师负责网络和服务器管理的 IT 运营经理支持的迁移方案本指南中的迁移说明包括以下任务：从运行 Windows Server 2008 或 Windows Server 2008 R2 的服务器导出 AD FS 2.0 配置数据将此服务器的操作系统从 Windows Server 2008 或 Windows Server 2008 R2 就地升级为 Windows Server 2012在此服务器（现在正在运行随 Windows Server 2012 一起安装的 AD FS 服务器角色）上重新创建原始 AD FS 配置，并还原剩余的 AD FS 服务设置。本指南不包括迁移运行多个角色的服务器的相关说明。 如果你的服务器正在运行多个角色，则建议你根据其他角色迁移指南中提供的信息，设计一个特定于你的服务器环境的自定义迁移过程。 如需有关其他角色的迁移指南，请参阅 Windows Server 迁移门户https://go.microsoft.com/fwlink/?LinkId=247608。支持的操作系统源服务器处理器源服务器操作系统目标服务器操作系统目标服务器处理器基于 x86 或基于 x64带 Service Pack 2 的 Windows Server 2003Windows Server 2012 或 Windows Server 2008 R2（使用服务器核心安装选项和完全安装选项安装）基于 x64基于 x86 或基于 x64Windows Server 2003 R2基于 x86 或基于 x64Windows Server 2008，完全安装选项和服务器核心安装选项基于 x64Windows Server 2008 R2基于 x64的服务器核心安装选项 Windows Server 2008 R2基于 x64使用服务器核心安装选项和完全安装选项安装的 Windows Server 2012上表中列出的操作系统版本是所支持的操作系统和 Service Pack 的最旧组合。支持将 Foundation、Standard、Enterprise 和 Datacenter 版本的 Windows Server 操作系统作为源服务器或目标服务器。支持在物理操作系统和虚拟操作系统之间迁移。支持的 AD FS 角色服务和功能下表描述了本指南中介绍的 AD FS 角色服务迁移方案及其相关的设置。从到随 Windows Server 2012 一起安装的 AD FS随 Windows Server 2003 R2 一起安装的 AD FS 1.0 联合服务器不支持迁移随 Windows Server 2003 R2 一起安装的 AD FS 1.0 联合服务器代理不支持迁移随 Windows Server 2003 R2 一起安装的 AD FS 1.0 基于 Windows 令牌的代理不支持迁移随 Windows Server 2003 R2 一起安装的 AD FS 1.0 声明感知代理不支持迁移随 Windows Server 2008 或 Windows Server 2008 R2 一起安装的 AD FS 1.1 联合服务器不支持迁移随 Windows Server 2008 或 Windows Server 2008 R2 一起安装的 AD FS 1.1 联合服务器代理不支持迁移随 Windows Server 2008 或 Windows Server 2008 R2 一起安装的 AD FS 1.1 基于 Windows 令牌的代理支持在同一服务器上的迁移，但所迁移的 AD FS 基于 Windows 令牌的代理仅在随 Windows Server 2008 或 Windows Server 2008 R2 一起安装的 AD FS 1.1 联合身份验证服务下运行。 有关更多信息，请参阅：Migrate the AD FS 1.1 web agents Interoperating with AD FS 1.x 随 Windows Server 2008 或 Windows Server 2008 R2 一起安装的 AD FS 1.1 声明感知代理支持在同一台服务器上迁移。 迁移的 AD FS 1.1 声明感知 Web 代理将与以下内容一起运行：随 Windows Server 2008 或 Windows Server 2008 R2 一起安装的 AD FS 1.1 联合身份验证服务Windows Server 2008 或 Windows Server 2008 R2 上安装的 AD FS 2.0 联合身份验证服务随 Windows Server 2012 一起安装的 AD FS 联合身份验证服务有关更多信息，请参阅：Migrate the AD FS 1.1 web agents Interoperating with AD FS 1.x Windows Server 2008 或 Windows Server 2008 R2 上安装的 AD FS 2.0 联合服务器支持在同一台服务器上迁移。 有关更多信息，请参阅：Prepare to Migrate the AD FS 2.0 Federation Server Migrate the AD FS 2.0 Federation Server 在 Windows Server 2008 或 Windows Server 2008 R2 上安装的 AD FS 2.0 联合服务器代理支持在同一台服务器上迁移。 有关详细信息，请参阅：Prepare to Migrate the AD FS 2.0 Federation Server Proxy Migrate the AD FS 2.0 Federation Server Proxy Prepare to Migrate the AD FS 2.0 Federation Server Prepare to Migrate the AD FS 2.0 Federation Server Proxy Migrate the AD FS 2.0 Federation Server Migrate the AD FS 2.0 Federation Server Proxy Migrate the AD FS 1.1 web agents <_caps3a_sxssource locale="en-US">About this guideThis guide provides instructions to migrate the following role services to Active Directory Federation Services (AD FS) that is installed with Windows Server 2012:AD FS 1.1 Windows token-based agent and AD FS 1.1 claims-aware agent installed with Windows Server 2008 or Windows Server 2008 R2AD FS 2.0 federation server and AD FS 2.0 federation server proxy installed on Windows Server 2008 or Windows Server 2008 R2Target audienceIT architects who are responsible for computer management and security throughout an organizationIT operations engineers who are responsible for the day-to-day management and troubleshooting of networks, servers, client computers, operating systems, or applicationsIT operations managers who are accountable for network and server managementSupported migration scenariosThe migration instructions in this guide consist of the following tasks:Exporting the AD FS 2.0 configuration data from your server that is running Windows Server 2008 or Windows Server 2008 R2Performing an in-place upgrade of the operating system of this server from Windows Server 2008 or Windows Server 2008 R2 to Windows Server 2012Recreating the original AD FS configuration and restoring the remaining AD FS service settings on this server, which is now running the AD FS server role that is installed with Windows Server 2012.This guide does not include instructions to migrate a server that is running multiple roles. If your server is running multiple roles, we recommend that you design a custom migration process specific to your server environment, based on the information provided in other role migration guides. Migration guides for additional roles are available on the Windows Server Migration Portalhttps://go.microsoft.com/fwlink/?LinkId=247608.Supported operating systemsSource server processorSource server operating systemDestination server operating systemDestination server processorx86- or x64-basedWindows Server 2003 with Service Pack 2Windows Server 2012 or Windows Server 2008 R2 (Server Core and full installation options)x64-basedx86- or x64-basedWindows Server 2003 R2x86- or x64-basedWindows Server 2008, both full and Server Core installation optionsx64-basedWindows Server 2008 R2x64-basedServer Core installation option of Windows Server 2008 R2x64-basedServer Core and full installation options of Windows Server 2012The versions of operating systems that are listed in the preceding table are the oldest combinations of operating systems and service packs that are supported.The Foundation, Standard, Enterprise, and Datacenter editions of the Windows Server operating system are supported as the source or the destination server.Migrations between physical operating systems and virtual operating systems are supported.Supported AD FS role services and featuresThe following table describes the migration scenarios of the AD FS role services and their respective settings that are described in this guide.FromTo AD FS installed with Windows Server 2012AD FS 1.0 federation server installed with Windows Server 2003 R2Migration is not supportedAD FS 1.0 federation server proxy installed with Windows Server 2003 R2Migration is not supportedAD FS 1.0 Windows token-based agent installed with Windows Server 2003 R2Migration is not supportedAD FS 1.0 claims-aware agent installed with Windows Server 2003 R2)Migration is not supportedAD FS 1.1 federation server installed with Windows Server 2008 or Windows Server 2008 R2Migration is not supportedAD FS 1.1 federation server proxy installed with Windows Server 2008 or Windows Server 2008 R2Migration is not supportedAD FS 1.1 Windows token-based agent installed with Windows Server 2008 or Windows Server 2008 R2Migration on the same server is supported, but the migrated AD FS Windows token-based agent will function only with an AD FS 1.1 federation service installed with Windows Server 2008 or Windows Server 2008 R2. For more information, see:Migrate the AD FS 1.1 web agents Interoperating with AD FS 1.x AD FS 1.1 claims-aware agent installed with Windows Server 2008 or Windows Server 2008 R2)Migration on the same server is supported. The migrated AD FS 1.1 claims-aware web agent will function with the following:AD FS 1.1 federation service installed with Windows Server 2008 or Windows Server 2008 R2AD FS 2.0 federation service installed on Windows Server 2008 or Windows Server 2008 R2AD FS federation service installed with Windows Server 2012For more information, see:Migrate the AD FS 1.1 web agents Interoperating with AD FS 1.x AD FS 2.0 federation server installed on Windows Server 2008 or Windows Server 2008 R2Migration on the same server is supported. For more information, see:Prepare to Migrate the AD FS 2.0 Federation Server Migrate the AD FS 2.0 Federation Server AD FS 2.0 federation server proxy installed on Windows Server 2008 or Windows Server 2008 R2Migration on the same server is supported. For more information see:Prepare to Migrate the AD FS 2.0 Federation Server Proxy Migrate the AD FS 2.0 Federation Server Proxy Prepare to Migrate the AD FS 2.0 Federation Server Prepare to Migrate the AD FS 2.0 Federation Server Proxy Migrate the AD FS 2.0 Federation Server Migrate the AD FS 2.0 Federation Server Proxy Migrate the AD FS 1.1 web agents