This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 61%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hi
We have moved from ADFS to PTA managed about 3 months ago.
I have now around 6 x ADFS Infrastructure servers still running (DMZ and internal network).
How should I be decommissioning these servers? Could be as simple as Power off?
How can I remove the ADFS health check from the Azure portal?
Thanks M
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@SenhorDolas : I wanted to follow up and know if the above response helped in answering your query. If it did, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the below response helped in answering your query.
Hi, are there any updates with this case? If not, please select the appropriate response as "Answered." Otherwise please let us know how we can assist you.
@SenhorDolas Thanks for reaching out. Since you have already moved to PTA for about 3 months, you would have already validated that your AAD/Office 365 authentication is working fine without ADFS now.
I am assuming that since you are having discussion about decommissioning the ADFS servers, there will not be any other replying parties which are still dependent on ADFS for facilitating the Authentication. (bust just to be sure, please verify that there is no relying party (Replying Part Trusts) which is still present in the ADFS). Also checking ADFS Application event logs would be the first thing to make sure no other services are using it, Ideally you should not see any login failures or success as that would mean this is still being used for something.
Once above is verified, you can take following steps (assuming the ADFS servers are not used for anything else now):
1) You will need to make sure to remove there ADFS entries from any of the load balancers (internal as well as external) you might have configured for them.
2) Delete any corresponding DNS entries for ADFS servers in your environment.
3) On the primary ADFS server run (Get-ADFSProperties) and look for CertificateSharingContainer. Keep a note of this DN, as you will need to delete it near the end of the installation (after a few reboots and when it is not available any more)
• Remove the content in this DN using ADSI Edit after uninstallation.
4) Uninstall the WAP (Proxy) Servers.
• Login to each WAP server, open the Remote Access Management Console and look for published web applications.
• Remove any related to ADFS that are not being used any more.
• When all the published web applications are removed, uninstall WAP with the following Remove-WindowsFeature Web-Application-Proxy,CMAK,RSAT-RemoteAccess.
5) Uninstall the ADFS Servers.
• Starting with the secondary nodes, uninstall ADFS with Remove-WindowsFeature ADFS-Federation,Windows-Internal-Database
• After this run del C:\Windows\WID\data\adfs* to delete the database files and
6) You can now safely delete your ADFS Account.
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you for benefit of the community.
Hi @VipulSparsh-MSFT - Thank you for your reply.
I think we are half way there then. I have stopped my ADFS service a while back and we had no issue reported.
When I run a Get-ADFS -properties I get an error and I can't access the MMC to check 3rd party
1) I have removed the ADFS servers from all LBS already
2) This will be done when I run the server decommission procedure
3) See my pic above - the service is not running on the network ADFS servers anymore. Is it really required to delete the DN from ADSI Edit?
4) & 5) The WAP and ADFS servers are dedicated servers (no other services running on them) - can I simply power off and delete after sometime or is it really required to uninstall the services?
5) Where do I delete my ADFS account from? Azure or on-prem AD?
Thanks, M
@SenhorDolas Thats fine then, as you have stopped the ADFS Service, you would not be able to run that command to get the ADFS properties. Since its already been sometime after stopping ADFS, you would not have other replying parties as you would have been contacted otherwise.
Just follow the other steps and do the cleanup where ever applicable.
@VipulSparsh-MSFT
Please let me know about steps 4 and 5 - are these required?
Also from where should I delete my ADFS account from?
@SenhorDolas Steps 4 and 5 are required only if you want to use them as other servers, but if you do not have any such plans you can surely just go ahead and power off and remove at some point later. This would not cause any issue.
By ADFS account, I meant the ADFS service account which is specially created in some org as a dedicated service account which is used to run the ADFS service. Its optional thing, many don't want to keep any service account in their AD with no use, better to delete it.
-----------------------------------------------------------------------------------------------------------------
If any of the suggested response helped you resolve your issue, do click on "Mark as Answer" and "Up-Vote" for the answer that helped you for benefit of the community.
@SenhorDolas I wanted to follow up and know if the above response helped in answering your query. If it did, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.
@VipulSparsh-MSFT
Any news on my question please?