Checklist: Preparing a New AD FS 2.0 Federation Server Proxy for Migration

Updated: May 5, 2005

Applies To: Active Directory Federation Services (AD FS) 2.0

This checklist includes the tasks that are necessary to prepare a new computer for migration of the federation server proxy role from a pre-existing Active Directory Federation Services (AD FS) 1.x deployment to AD FS 2.0.

noteNote
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

Checklist Checklist: Preparing a New AD FS 2.0 Federation Server Proxy for Migration

 

  Task Reference
Checkbox

Before you begin preparing this computer, review conceptual information in the AD FS 2.0 Design Guide about migrating to AD FS 2.0.

Conceptual topic Planning a Migration to AD FS 2.0

Checkbox

Set up a fresh Windows Server 2008 or Windows Server 2008 R2 computer that will become the destination federation server proxy running AD FS 2.0.

N/A

Checkbox

Export the server authentication certificate that is currently bound to the Default Web Site in Internet Information Services (IIS) on one of the AD FS 1.x federation server proxies to a file, and then import the file to the Default Web Site in IIS on the new AD FS 2.0 federation server proxy.

Conceptual topic Export the private key portion of a server authentication certificate

Conceptual topic Import a Server Authentication Certificate to the Default Web Site

Checkbox

Install AD FS 2.0 on the new Windows Server 2008 computer. When you are prompted for which server role to choose, select the federation server proxy role.

noteNote
AD FS 2.0 can be installed only on computers running the Windows Server 2008 or Windows Server 2008 R2 operating system.

Conceptual topic Install the AD FS 2.0 Software

Checkbox

Use the AD FS 2.0 Federation Server Proxy Configuration Wizard to configure the new Windows Server 2008 computer as an AD FS 2.0 federation server proxy.

Conceptual topic Configure a Computer for the Federation Server Proxy Role

Checkbox

(Optional) Depending on the needs of your organization, enable or disable endpoints for the federation server proxy using the Endpoints node in the AD FS 2.0 Management snap-in.

N/A

Checkbox

Update DNS host (A and AAAA) resource records to point to the new AD FS 2.0 federation server proxy IP address instead of the old AD FS 1.x federation server proxy IP address.

N/A

Checkbox

Retire the old AD FS 1.x server

N/A

Checkbox

Repeat the same steps on each new AD FS 2.0 federation server proxy that you want to join to the federation server proxy farm.

N/A

Community Additions

ADD
Show: