It’s been a while since the last post; the writer is currently involved in multi-national Cloud projects.
My colleague Marc Terblanche posted an awesome blog post on how to deploy AD FS 3.0 and WAP highly available using only PowerShell under 10 minutes.
Once we have AD FS 3 and WAP running in the new environment, we need to take the SSL certificate currently used by AD FS 2 and move it to the new AD FS 3 server.
Export the SSL certificate used by the current AD FS 2 server:
3. After exporting the certificate to a *.PFX file (note the password you set on it), import the certificate into the local machine certificate store of the new AD FS 3 server.
Run the cmdlet below to bind the imported SSL certificate on the AD FS 3 server (the thumbprint is that of the imported certificate):
Set-AdfsSslCertificate -Thumbprint "xxxxxxxxxx"
Then check that the certificate binding was successfully updated.
4. Install the Azure AD Module. Follow the TechNet step-by-step guide "Connect to MS Online services" on the new AD FS 3 server.
5. Connect the AD FS 3 server to the Office 365 tenant with the MSOL PowerShell cmdlet Connect-MsolService, using an Office 365 global admin account and password.
6. Run the cmdlet: Set-MsolADFSContext -Computer ADFS3.wasita.net
*ADFS3.wasita.net is the FQDN of the AD FS 3 server.
7. Run the cmdlet below to update the federated domain settings in Office 365:
Update-MsolFederatedDomain -DomainName adfs.wasita.net -SupportMultipleDomain
Note: Use PowerShell to change the AD FS SSL certificate; do not use the GUI in AD FS Management. Changing the certificate through the AD FS Management GUI does not replace the AD FS SSL certificate binding. Not sure if this is a bug in AD FS 3.0. Previously, with AD FS 2, we had to change the certificate binding in IIS instead.
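Steps 3 to 7 above, put together as one PowerShell script. This is an added example, not code from the original post: the PFX path, the expected thumbprint and the two host names are placeholders, and the thumbprint comparison and the Get-AdfsSslCertificate / Get-MsolDomainFederationSettings checks are additions a defender would want so that the wrong certificate is never bound and the result is verified rather than assumed.

```powershell
# Added example: migrate the AD FS 2 SSL certificate to AD FS 3 and refresh the
# Office 365 federation settings, with checks after each change.
# Placeholders (assumptions, not values from the post): $PfxPath, $ExpectedThumbprint.

$PfxPath            = 'C:\Temp\adfs-ssl.pfx'     # PFX exported from the AD FS 2 server
$ExpectedThumbprint = 'xxxxxxxxxx'               # thumbprint noted at export time
$AdfsServer         = 'ADFS3.wasita.net'         # AD FS 3 server FQDN
$FederatedDomain    = 'adfs.wasita.net'          # federated domain name in Office 365

# Step 3: prompt for the PFX password instead of storing it in the script.
$PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the local machine personal store. The private key does not need
# to be marked exportable on the new server, so -Exportable is deliberately omitted.
$cert = Import-PfxCertificate -FilePath $PfxPath `
                              -CertStoreLocation 'Cert:\LocalMachine\My' `
                              -Password $PfxPassword

# Guard: refuse to bind anything other than the certificate that was exported.
if ($cert.Thumbprint -ne $ExpectedThumbprint) {
    throw "Imported certificate thumbprint $($cert.Thumbprint) does not match expected $ExpectedThumbprint"
}

# Bind the SSL certificate with PowerShell (the note above explains why not the GUI).
Set-AdfsSslCertificate -Thumbprint $cert.Thumbprint

# Check: every AD FS SSL binding should now report the new thumbprint.
$stale = Get-AdfsSslCertificate | Where-Object { $_.CertificateHash -ne $cert.Thumbprint }
if ($stale) {
    $stale | ForEach-Object {
        Write-Warning "Binding $($_.HostName):$($_.PortNumber) still uses $($_.CertificateHash)"
    }
    throw 'One or more AD FS SSL bindings were not updated'
}
Write-Host "AD FS SSL certificate bound: $($cert.Thumbprint)"

# Steps 4-7: update the Office 365 federated domain from the new AD FS 3 server.
Import-Module MSOnline
Connect-MsolService                                   # prompts for global admin credentials
Set-MsolADFSContext -Computer $AdfsServer
Update-MsolFederatedDomain -DomainName $FederatedDomain -SupportMultipleDomain

# Check: confirm the tenant now points at the new federation endpoints.
Get-MsolDomainFederationSettings -DomainName $FederatedDomain |
    Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri, MetadataExchangeUri
```

Set-AdfsSslCertificate only changes the bindings on the server it runs on, so in a multi-server farm the import-and-bind part of the script needs to be run on each AD FS server (and the WAP servers carry their own SSL binding, which this script does not touch).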