Checklist: Preparing a New AD FS 2.0 Federation Server for Migration

Updated: May 5, 2010

Applies To: Active Directory Federation Services (AD FS) 2.0

This checklist includes the tasks that are necessary to prepare a new computer for migration of the federation server role from a pre-existing Active Directory Federation Services (AD FS) 1.x deployment to AD FS 2.0.

Note
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

Checklist: Preparing a New AD FS 2.0 Federation Server for Migration

 

  Task Reference
Before you begin preparing this computer, review conceptual information in the AD FS 2.0 Design Guide about migrating to AD FS 2.0.

Reference: Planning a Migration to AD FS 2.0

Set up a fresh Windows Server 2008 or Windows Server 2008 R2 computer that will become the destination federation server running AD FS 2.0.

Reference: N/A

Export the server authentication certificate that is currently bound to the Default Web Site in IIS on one of the AD FS 1.x federation servers to a file, and then import the file to the Default Web Site in Internet Information Services (IIS) on the new AD FS 2.0 federation server.

Later, this certificate will be automatically selected when you run the AD FS 2.0 Federation Server Configuration Wizard and will be set as the service communication certificate in the Federation Service.

Reference: Export the private key portion of a server authentication certificate

Reference: Import a Server Authentication Certificate to the Default Web Site

If you were using customized default Web pages for client logons during your AD FS 1.x deployment, copy these pages to the corresponding location in the %systemdrive%\inetpub\adfs\ls\ directory on the new AD FS 2.0 federation server to preserve the client logon experience.

Reference: N/A

Install AD FS 2.0 on the new Windows Server 2008 computer. When you are prompted for the server role to choose, select the federation server role.

Note
AD FS 2.0 can be installed only on computers running the Windows Server 2008 or Windows Server 2008 R2 operating system.

Reference: Install the AD FS 2.0 Software

If you are setting up a new AD FS 2.0 Federation Service for the first time, complete either of the following procedures using the reference links below, depending on the needs of your organization. If you follow the procedure to create the first federation server in a farm, you can use the same domain service account that you used in your AD FS 1.x deployment.

If you have set up your AD FS 2.0 Federation Service previously, skip this task.

Reference: Create the First Federation Server in a Federation Server Farm

Reference: Create a Stand-Alone Federation Server

If you are joining a new AD FS 2.0 federation server to an existing AD FS 2.0 Federation Service, complete the procedure in the reference below. When you complete this procedure, there is no need to follow the remaining steps in this checklist.

Reference: Add a Federation Server to a Federation Server Farm

Complete the tasks in the checklist referenced below to begin migrating settings from your existing AD FS 1.x Federation Service to the AD FS 2.0 Federation Service.

Reference: Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0

Update DNS A and AAAA records to point to the new AD FS 2.0 federation server IP address, instead of the old AD FS 1.x federation server IP address.

Reference: N/A

Retire the old AD FS 1.x federation server.

Reference: N/A

(Optional) Reuse the static IP address that is assigned to the retired federation server and update DNS records accordingly.

Reference: N/A

Repeat the same steps on each new AD FS 2.0 federation server that you want to join to the federation server farm.

Reference: N/A
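
A pre-flight check for the certificate export and import task in this checklist, as an added example that is not part of the original topic: run on the new server before the AD FS 2.0 Federation Server Configuration Wizard, it confirms that the certificate in the LocalMachine\My store matches the thumbprint recorded on the AD FS 1.x server, kept its private key, permits Server Authentication, and is within its validity period. The script, its parameter names, and the thumbprint placeholder are assumptions for illustration; it inspects the certificate store only, not the IIS binding.

```powershell
# Added example (not Microsoft's procedure). Run on the new AD FS 2.0 server
# after importing the server authentication certificate.
param(
    # Placeholder: thumbprint recorded from the certificate on the AD FS 1.x server.
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-ADFS-1.X-SERVER>',
    [int]$WarnDays = 30
)

# Thumbprints copied from the certificate dialog often carry spaces or an
# invisible leading character; keep only the hex digits before comparing.
$wanted = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $wanted } |
    Select-Object -First 1
if (-not $cert) {
    Write-Error "Thumbprint '$wanted' not found in LocalMachine\My; the import did not reach the computer store."
    exit 1
}

$problems = @()

# A .cer export (or an import that dropped the key) leaves no private key.
if (-not $cert.HasPrivateKey) {
    $problems += 'Certificate has no private key on this server.'
}

# EKU extension (OID 2.5.29.37): if present it must list Server Authentication.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })) {
    $problems += 'Enhanced Key Usage does not include Server Authentication.'
}

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))."
} elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
    Write-Warning "Certificate expires within $WarnDays days ($($cert.NotAfter))."
}

$cert | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey | Format-List
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Error $_ }
    exit 1
}
Write-Output 'Certificate checks passed.'
```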
