To take benefit of new features provided by AD FS 2016/2019, an AD FS 3.0 deployment must be upgraded following specific steps to avoid service disruption.
The upgrade procedure is pretty straightforward and it doesn't require any service downtime.
The steps involved in the upgrade procedure are the following:
- Add a new Windows Server 2016 and install the AD FS role
- Configure AD FS service in the new server
- Move the FBL to the new server
- Remove old server from the AD FS farm
- Upgrade to FBL Server 2016
Although the upgrade procedure uses Windows Server 2016 as a reference, steps are similar also for the upgrade to Windows Server 2019.
Install the AD FS role to the new server
From Server Manager click Manage > Add Roles and Features. Click Next to begin with the role installation.
This article has been written for StarWind blog and can be found in this page. It covers the full procedure to upgrade AD FS 3.0 to Windows Server 2016/2019 version with no service disruption.
Move the Farm Behavior Levels (FBL) to the new Server 2016
Introduced in AD FS for Windows Server 2016, the Farm Behavior Level (FBL) is a farm-wide setting that determines the features the AD FS farm can use.
Run the following command to make the Server 2016 as PrimaryComputer.
PS C:\> Set-AdfsSyncProperties -Role PrimaryComputer
Now verify the Server 2016 role has been assigned successfully.
PS C:\> Get-AdfsSyncProperties
In the Windows Server 2012 R2 run the command:
PS C:\> Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName <adfs_server_name>
Now verify the Windows Server 2012 R2 Role has been changed to SecondaryComputer.
PS C:\> Get-AdfsSyncProperties
The following command in the Server 2016 will show the current AD FS farm information with the exception of old versions:
PS C:\> Get-AdfsFarmInformation
Read the full article on StarWind blog.
Will this also migrate any customization that was done to ADFS, from the primary server to the to-be primary server?