Migrate an AD FS 2.0 WID farm

This document provides detailed information on migrating an AD FS 2.0 Windows Internal Database (WID) farm to Windows Server 2012.

Migrate an AD FS WID farm

To migrate a WID farm to Windows Server 2012, perform the following procedure:

  1. For every node (server) in the WID farm, review and perform the procedures in Prepare to migrate a WID farm.

  2. Remove any non-primary nodes from the load balancer.

  3. Upgrade the operating system on this server from Windows Server 2008 R2 or Windows Server 2008 to Windows Server 2012. For more information, see Installing Windows Server 2012.

Important

As the result of the operating system upgrade, the AD FS configuration on this server is lost and the AD FS 2.0 server role is removed. The Windows Server 2012 AD FS server role is installed instead, but it is not configured. You must create the original AD FS configuration and restore the remaining AD FS settings to complete the federation server migration.

  4. Create the original AD FS configuration on this server.

You can create the original AD FS configuration by using the AD FS Federation Server Configuration Wizard to add a federation server to a WID farm. For more information, see Add a Federation Server to a Federation Server Farm.

Note

When you reach the Specify the Primary Federation Server and a Service Account page in the AD FS Federation Server Configuration Wizard, enter the name of the primary federation server of the WID farm and be sure to enter the service account information that you recorded while preparing for the AD FS migration. For more information, see Prepare to Migrate the AD FS 2.0 Federation Server.

When you reach the Specify the Federation Service Name page, be sure to select the same SSL certificate that you recorded in the "Prepare to migrate a WID farm" section of Prepare to Migrate the AD FS 2.0 Federation Server.

  5. Update your AD FS webpages on this server. If you backed up your customized AD FS webpages while preparing for the migration, use your backup data to overwrite the default AD FS webpages that were created in the %systemdrive%\inetpub\adfs\ls directory as a result of the AD FS configuration on Windows Server 2012.

  6. Add the server that you just upgraded to Windows Server 2012 to the load balancer.

  7. Repeat steps 1 through 6 for the remaining secondary servers in your WID farm.

  8. Promote one of the upgraded secondary servers to be the primary server in your WID farm. To do this, open Windows PowerShell and run the following command:

     PSH:> Set-AdfsSyncProperties -Role PrimaryComputer

  9. Remove the original primary server of your WID farm from the load balancer.

  10. Demote the original primary server in your WID farm to be a secondary server by using Windows PowerShell. Open Windows PowerShell and run the following command to add the AD FS cmdlets to your Windows PowerShell session:

     PSH:> Add-PSSnapin "Microsoft.Adfs.PowerShell"

     Then run the following command to demote the original primary server to be a secondary server:

     PSH:> Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName <FQDN of the Primary Federation Server>

  11. Upgrade the operating system on this last node (server) in your WID farm from Windows Server 2008 R2 or Windows Server 2008 to Windows Server 2012. For more information, see Installing Windows Server 2012.

Important

As the result of upgrading the operating system, the AD FS configuration on this server is lost and the AD FS 2.0 server role is removed. The Windows Server 2012 AD FS server role is installed instead, but it is not configured. You must manually create the original AD FS configuration and restore the remaining AD FS settings to complete the federation server migration.

  12. Create the original AD FS configuration on this last node (server) in your WID farm.

You can create the original AD FS configuration by using the AD FS Federation Server Configuration Wizard to add a federation server to a WID farm. For more information, see Add a Federation Server to a Federation Server Farm.

Note

When you reach the Specify the Primary Federation Server and a Service Account page in the AD FS Federation Server Configuration Wizard, enter the service account information that you recorded while preparing for the AD FS migration. For more information, see Prepare to Migrate the AD FS 2.0 Federation Server.

When you reach the Specify the Federation Service Name page, be sure to select the same SSL certificate you recorded in Prepare to Migrate the AD FS 2.0 Federation Server.

  13. Update your AD FS webpages on this last server in your WID farm. If you backed up your customized AD FS webpages while preparing for the migration, use your backup data to overwrite the default AD FS webpages that were created in the %systemdrive%\inetpub\adfs\ls directory as a result of the AD FS configuration on Windows Server 2012.

  14. Add this last server of your WID farm that you just upgraded to Windows Server 2012 to the load balancer.

  15. Restore any remaining AD FS customizations, such as custom attribute stores.
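A check to run on each rebuilt node before it is added back to the load balancer, as an added example that is not part of the original procedure: it compares the service account, certificate thumbprint and WID sync role against the values recorded during preparation. Every value in $Expected is a placeholder, the function names are hypothetical, and the script assumes the service communications certificate is the SSL certificate you recorded.

```powershell
# Added example. Run in an elevated session on a node rebuilt on Windows Server 2012.
Import-Module ADFS

$Expected = @{
    ServiceAccount = 'CONTOSO\svc-adfs'              # placeholder: recorded service account
    Thumbprint     = '<recorded-ssl-thumbprint>'     # placeholder: hex thumbprint, no spaces
    Role           = 'SecondaryComputer'             # use 'PrimaryComputer' on the promoted node
    PrimaryName    = 'adfs-primary.contoso.example'  # placeholder: FQDN of the current primary
}

# Hypothetical helper: one result row per check (-eq is case-insensitive for strings).
function New-Check($Name, $Actual, $Wanted) {
    New-Object psobject -Property @{
        Check = $Name; Expected = $Wanted; Actual = $Actual
        Pass  = [bool]($Actual -eq $Wanted)
    }
}

function Test-AdfsNodeMigration([hashtable]$Expected) {
    # Identity that the AD FS Windows service (adfssrv) runs as.
    $svc = Get-WmiObject Win32_Service -Filter "Name='adfssrv'"
    New-Check 'ServiceAccount' $svc.StartName $Expected.ServiceAccount

    # Assumption: the service communications certificate is the recorded SSL certificate.
    $cert = Get-AdfsCertificate -CertificateType 'Service-Communications' |
        Select-Object -First 1
    New-Check 'CertThumbprint' $cert.Thumbprint $Expected.Thumbprint

    # WID synchronization role, and on a secondary, the primary it pulls from.
    $sync = Get-AdfsSyncProperties
    New-Check 'SyncRole' ([string]$sync.Role) $Expected.Role
    if ($Expected.Role -eq 'SecondaryComputer') {
        New-Check 'PrimaryComputerName' $sync.PrimaryComputerName $Expected.PrimaryName
    }
}

$report = @(Test-AdfsNodeMigration $Expected)
$report | Format-Table Check, Expected, Actual, Pass -AutoSize
if ($report | Where-Object { -not $_.Pass }) {
    Write-Warning 'Keep this node out of the load balancer until every check passes.'
}
```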

Next Steps

Prepare to Migrate the AD FS 2.0 Federation Server

Prepare to Migrate the AD FS 2.0 Federation Server Proxy

Migrate the AD FS 2.0 Federation Server

Migrate the AD FS 2.0 Federation Server Proxy

Migrate the AD FS 1.1 Web Agents