Description:
You want to upgrade an existing AD FS and AD FS Proxy (WAP) deployment to a new version on new machines.
Resolution:
- Export the existing SSL Certificate with Private Key
- Import the SSL Certificate with Private Key on new ADFS and ADFS Proxy machines
- Install the AD FS Role using Server Manager on the new machines
- Configure AD FS using Server Manager (you will need a Domain Admin account and a service account for AD FS)
- Move the Primary ADFS Role to the new ADFS machine
  - To check the role, run:
    Get-AdfsSyncProperties
  - On the new primary machine, run:
    Set-AdfsSyncProperties -Role PrimaryComputer
  - On the old AD FS primary machine, run:
    Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName FQDNnewADFS
- Demote the old ADFS machines
- Raise the ADFS Farm Behavior Level (FBL)
  - Run the following:
    Get-AdfsFarmInformation
    Invoke-AdfsFarmBehaviorLevelRaise
- Change DNS Record to point to the new AD FS Server
- Test access and authentication to the new AD FS:
  https://adfs.fabrikam.com/adfs/ls/idpinitiatedsignon.aspx
- Install Web Application Proxy Role using Server Manager on the new machines
- Configure WAP using Server Manager (you will need a local administrator account on the federation servers)
- Verify the trust with the AD FS farm
  - Navigate to Applications and Services Logs > AD FS > Admin
  - You should see an event with ID 245
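
The verification points in the steps above, collected into one read-only script. This is an added example, not part of the original procedure. The function name and its parameters `OldThumbprint` and `WapServer` are assumptions, and the event-log query assumes remote event log access to the WAP server is allowed.

```powershell
# Added example: read-only checks for the migration steps above.
# Run elevated on the NEW primary AD FS server (AD FS 2016 or later).
function Test-AdfsMigration {
    param(
        [Parameter(Mandatory)] [string] $OldThumbprint,  # thumbprint of the exported SSL cert
        [string] $WapServer                               # optional: new WAP host (assumed name)
    )
    Import-Module ADFS -ErrorAction Stop
    $thumb = ($OldThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()  # strip spaces/hidden chars
    $check = { param($Name, $Pass, $Detail)
        [pscustomobject]@{ Check = $Name; Pass = [bool]$Pass; Detail = "$Detail" } }

    # Export/import: the certificate must arrive WITH its private key and still be valid.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
    $ok = $cert -and $cert.HasPrivateKey -and ($cert.NotAfter -gt (Get-Date))
    & $check 'SSL cert in LocalMachine\My with private key' $ok "NotAfter=$($cert.NotAfter)"

    # AD FS must actually be bound to that certificate, not to a leftover one.
    $bound = @(Get-AdfsSslCertificate | Select-Object -ExpandProperty CertificateHash -Unique)
    & $check 'AD FS SSL binding uses that cert' ($bound -contains $thumb) ($bound -join ', ')

    # Primary role moved: this node should now report PrimaryComputer.
    $sync = Get-AdfsSyncProperties
    & $check 'This node is PrimaryComputer' ($sync.Role -eq 'PrimaryComputer') "Role=$($sync.Role)"

    # Farm behavior level as reported after the raise (informational).
    $farm = Get-AdfsFarmInformation
    & $check 'Farm information readable' ($null -ne $farm) "CurrentFarmBehavior=$($farm.CurrentFarmBehavior)"

    # The idpinitiatedsignon.aspx test page is off by default on AD FS 2016 and later.
    $idp = (Get-AdfsProperties).EnableIdpInitiatedSignonPage
    & $check 'IdP-initiated sign-on test page enabled' $idp "EnableIdpInitiatedSignonPage=$idp"

    # WAP trust: event ID 245 in the AD FS/Admin log on the WAP server.
    if ($WapServer) {
        $filter = @{ LogName = 'AD FS/Admin'; Id = 245 }
        $ev = Get-WinEvent -ComputerName $WapServer -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
        & $check "Event 245 on $WapServer" ($null -ne $ev) "Latest=$($ev.TimeCreated)"
    }
}

# Placeholder values; substitute your own thumbprint and WAP host name.
# Test-AdfsMigration -OldThumbprint '<thumbprint>' -WapServer '<wap-host>' | Format-Table -AutoSize
```

A failed sign-on page test with the last-but-one check reporting `False` means the test page is disabled, not that authentication is broken.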