{"id":50425,"date":"2021-10-28T09:00:32","date_gmt":"2021-10-28T07:00:32","guid":{"rendered":"https:\/\/nolabnoparty.com\/?p=50425"},"modified":"2021-10-28T15:36:14","modified_gmt":"2021-10-28T13:36:14","slug":"decommission-adfs-after-migrating-to-azure-ad","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/decommission-adfs-after-migrating-to-azure-ad\/","title":{"rendered":"Decommission ADFS Office 365 after migrating to Azure AD"},"content":{"rendered":"<p><img decoding=\"async\" class=\"aligncenter wp-image-50465 size-full\" title=\"decommission-adfs-01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2021\/08\/decommission-adfs-01.jpg\" alt=\"decommission-adfs-01\" width=\"602\" height=\"202\" \/><\/p>\n<p>If the <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/authentication\/overview-authentication\" target=\"_blank\" rel=\"noopener\">Azure-based AD authentication<\/a> is fully working after migrating from ADFS, you need to decommission ADFS since is no longer required in your network.<\/p>\n<p>Before proceeding with the decommission procedure, you need to make sure that <strong>no services are still using ADFS<\/strong>.<!--more--><\/p>\n<p>&nbsp;<\/p>\n<h2>Check the ADFS usage<\/h2>\n<p>Before proceeding with ADFS decommission, make sure the procedure to migrate ADFS to Azure AD has been <strong>completed and tested<\/strong>.<\/p>\n<p>From the <a href=\"https:\/\/nolabnoparty.com\/en\/upgrade-web-application-proxy-wap-for-adfs-2016-2019\/\">ADFS Server<\/a>, open the ADFS Console and go to <strong>Service &gt; Relying Party Trusts<\/strong>. Make sure the only <strong>Microsoft Office 365 identity Platform<\/strong> is listed. If other services are present, you <strong>need to dismiss<\/strong> them before proceeding with ADFS decommission. Microsoft Office 365 identity Platform is <strong>no longer used<\/strong> if you migrated to Azure AD authentication.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-50469\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2021\/08\/decommission-adfs-03-600x293.jpg\" alt=\"\" width=\"600\" height=\"293\" title=\"\"><\/p>\n<p>Run the following command to check if the <strong>domain is no longer Federated<\/strong> but Managed instead. If you migrated to Azure AD authentication, the domain should be <strong>indicated as Managed<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-50471\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2021\/08\/decommission-adfs-04.jpg\" alt=\"\" width=\"600\" height=\"157\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h2>Decommission ADFS<\/h2>\n<p>To decommission the ADFS infrastructure you need to perform two main tasks:<\/p>\n<ul>\n<li>uninstall the WAP Server<\/li>\n<li>uninstall the ADFS Server<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h4>Uninstall the WAP Server<\/h4>\n<p>Access the <strong>Remote Access Management Console<\/strong> and locate published applications. <strong>Delete any ADFS related<\/strong> items no longer used. Right click the application to remove then select <strong>Remove<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-50473\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2021\/08\/decommission-adfs-05-600x192.jpg\" alt=\"\" width=\"600\" height=\"192\" title=\"\"><\/p>\n<p>The application has been removed.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-50475\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2021\/08\/decommission-adfs-06-600x196.jpg\" alt=\"\" width=\"600\" height=\"196\" title=\"\"><\/p>\n<p>This article has been written for\u00a0<a href=\"https:\/\/www.starwindsoftware.com\/blog\/\" target=\"_blank\" rel=\"noopener noreferrer\">StarWind blog<\/a>\u00a0and can be found in\u00a0<a href=\"https:\/\/www.starwindsoftware.com\/blog\/decommission-adfs-office-365-after-migrating-to-azure-ad\" target=\"_blank\" rel=\"noopener\">this page<\/a>. It covers the full procedure to\u00a0<strong>decommission ADFS Office 365 after migrating to Azure AD<\/strong>.<\/p>\n<p>&nbsp;<\/p>\n<h2>Cleanup the environment<\/h2>\n<p>Open <strong>Active Directory Users and Computers<\/strong> and expand <strong>Domain &gt; Program Data &gt; Microsoft<\/strong> item. You may need to enable <strong>Advanced <\/strong>from <strong>Action<\/strong> menu to display <em>Program Data<\/em>. Right click <strong>ADFS<\/strong> and select <strong>Delete<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-50515\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2021\/08\/decommission-adfs-26-600x590.jpg\" alt=\"\" width=\"600\" height=\"590\" title=\"\"><\/p>\n<p>Click <strong>Yes<\/strong> to confirm.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-50517\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2021\/08\/decommission-adfs-27.jpg\" alt=\"\" width=\"388\" height=\"281\" title=\"\"><\/p>\n<p>To finalize the cleanup process, make sure to remove the following:<\/p>\n<ul>\n<li>Remove all the related ADFS entries from <strong>public and private DNS<\/strong>.<\/li>\n<li>Remove the ADFS <strong>service account<\/strong> from Active Directory.<\/li>\n<li>Remove Internet to WAP and WAP to ADFS <strong>firewall rules<\/strong> (TCP 443) and <strong>NAT settings<\/strong>.<\/li>\n<\/ul>\n<p>The ADFS infrastructure has been decommissioned and all the <strong>authentication processes<\/strong> are managed directly in Azure AD.<\/p>\n<p>Read the\u00a0<a href=\"https:\/\/www.starwindsoftware.com\/blog\/decommission-adfs-office-365-after-migrating-to-azure-ad\" target=\"_blank\" rel=\"noopener noreferrer\">full article<\/a>\u00a0on StarWind blog.<\/p>\n<p><img decoding=\"async\" title=\"signature\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" alt=\"signature\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If the Azure-based AD authentication is fully working after migrating from ADFS, you need to decommission ADFS since is no longer required in your network. Before proceeding with the decommission procedure, you need to make sure that no services are still using ADFS.<\/p>\n","protected":false},"author":3,"featured_media":50465,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[913,1065,1721],"tags":[1570,1682,1043,1583],"class_list":["post-50425","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory-en","category-microsoft-en","category-office365-en","tag-adfs-en","tag-azure","tag-decommission-en","tag-office365","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/50425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=50425"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/50425\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/50465"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=50425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=50425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=50425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}