In this example, the powershell Cmdlets edit the VM NIC properties and change the subnet from one vNet to another vNet. Step1: Get Azure VM, NIC and Resource Group Properties. Stop-AzVM -Name “vm” -ResourceGroupName “RG01” $vm = Get-AzVm -Name “vm” … Continue reading
This article explains how you can deploy a hybrid Office 365 and Exchange on-premises environment with multiple Active Directory Forest. An organisation that utilizes an account forest and a resource forest to separate Active Directory accounts and Exchange servers in … Continue reading
Let’s paint a picture, you have an unique requirement to build multiple ADFS farms. you have a fully functional hybrid environment with EXO. you do not want to modify AAD connect and existing ADFS servers. But you want several SaaS applications use different ADFS farm with MFA but their identity is managed by the same Active Directory forest used by existing ADFS farm.
Here is the existing infrastructure:
- 1 single forest with multiple hybrid UPNs (domainA.com, domainB.com, domainC.com and many…)
- 2x ADFS servers (sts1.domainA.com)
- 2X WAP 2012 R2 cluster
- 1x AAD Connect
- 1X Office 365 Tenant with several federated domains (domainA.com, domainB.com, domainC.com and many….)
- 1x public CNAME sts1.domainA.com
Above configuration is working perfectly.
Now you would like to build a separate ADFS 2016 farm with WAP 2016 cluster for SaaS applications. This ADFS 2016 farm will be dedicated to authenticate these SaaS applications. you would also like to turn on MFA on ADFS 2016. Add new public authentication endpoint such as sts2.domainA.com for ADFS 2016 farm.
End goal is that once user hit https://tenant.SaaSApp.com/ it will redirect them to sts2.domain.com and prompt for on-prem AD credentials and MFA if they are accessing from public network.
New ADFS 2016 infrastructure in the same forest and domain:
- 2X ADFS 2016 Servers (sts2.domainA.com)
- 2X WAP 2016 Servers
- 1 X separate public IP for sts2.domainA.com
- 1X public CNAME for sts2.domainA.com
- 1X Private CNAME for sts2.domainA.com
Important Note: You have to prepare Active Directory schema to use ADFS 2016 functional level. No action/tasks necessary in existing ADFS 2012 R2 environment.
Guidelines and referrals to build new environment.