Checklist: Migrating Settings in the AD FS 1.x Federation Service to AD FS 2.0

Updated: August 18, 2011

Applies To: Active Directory Federation Services (AD FS) 2.0

This checklist includes the tasks that are necessary to migrate all the required settings from your existing Active Directory Federation Services (AD FS) 1.x Federation Service to a new AD FS 2.0 Federation Service.

When you finish the tasks in this checklist, your AD FS migration is complete and you will be ready to roll out your new AD FS 2.0 deployment in your production environment.

Note
Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.


Before you begin migrating Federation Service settings, review conceptual information in the AD FS 2.0 Design Guide and make sure that you have prepared a federation server with AD FS 2.0 software.

Planning a Migration to AD FS 2.0

Checklist: Preparing a New AD FS 2.0 Federation Server for Migration


If the AD FS 1.x Federation Service has a token-signing certificate that was issued by a trusted certification authority (CA) and you want to reuse it, you will have to export it from AD FS 1.x. When the certificate has been saved to a file, use the link to the right to add it to the AD FS 2.0 Federation Service.

If your AD FS 1.x deployment is using a self-signed token-signing certificate, this task of exporting the certificate is not necessary because AD FS 2.0 is configured to use a self-signed certificate by default.

Export the private key portion of a token-signing certificate

Add a Token-Signing Certificate


(Optional) If you require additional encryption of communications, you can also add a token-decryption certificate to the Federation Service.

Add a Token-Decrypting Certificate


On one of the federation servers running AD FS 1.x from which you will be migrating settings, complete the procedure in the link to the right to record and migrate existing AD FS 1.x settings to equivalent AD FS 2.0 Federation Service settings.

Migrate AD FS 1.x Federation Service Settings to the AD FS 2.0 Federation Service


Using the Active Directory Federation Services snap-in on a federation server running AD FS 1.x, complete the procedure in the link to the right to record pertinent account partner settings in the AD FS 1.x Federation Service and migrate those settings to equivalent claims provider trust settings in the AD FS 2.0 Federation Service.

Repeat this procedure for each account partner trust that resides in the AD FS 1.x Federation Service until all account partners have been migrated.

Migrate an Account Partner to a Claims Provider Trust in the AD FS 2.0 Federation Service


Using the Active Directory Federation Services snap-in on a federation server running AD FS 1.x, complete the procedure in the link to the right to record pertinent resource partner settings in the AD FS 1.x Federation Service and migrate those settings to equivalent relying party trust settings in the AD FS 2.0 Federation Service.

Repeat this procedure for each resource partner trust that resides in the AD FS 1.x Federation Service until all resource partners have been migrated.

Migrate a Resource Partner to a Relying Provider Trust in the AD FS 2.0 Federation Service


Using the Active Directory Federation Services snap-in on a federation server running AD FS 1.x, complete the procedure in the link to the right to record pertinent resource partner settings in the AD FS 1.x Federation Service and migrate those settings to equivalent relying party trust settings in the AD FS 2.0 Federation Service.

Repeat this procedure for each application that resides in the AD FS 1.x Federation Service until all applications have been migrated.

Migrate an Application to a Relying Party Trust in the AD FS 2.0 Federation Service


Using the AD FS 2.0 Management snap-in, in the EndPoints node make sure that the following two endpoints are enabled. These endpoints are important for interoperating with AD FS 1.x Web applications:

  • https://<example.com>/adfs/ls/

  • https://<example.com>/adfs/fs/federationserverservice.asmx

N/A


Before you decommission all AD FS 1.x federation servers, consider leaving at least one of the AD FS 1.x federation servers intact for a few days on the rare chance that you experience mission-critical compatibility issues with the AD FS 2.0 deployment.

N/A
