AD FS Migration to a new domain

Michael Neal 1 Reputation point
2021-03-30T14:39:37.273+00:00

Performing a domain migration. We have an AD FS farm with over 150 relying party trusts configured. I have two questions.

  1. With a domain trust configured, can I still authenticate through AD FS on the originating domain after a user is migrated to the new domain?
  2. Is there a more efficient way of migrating all of the trusts to a new AD FS farm in the new domain without having to coordinate and reconfigure 150+ configurations?
Active Directory Federation Services

1 answer

  1. Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
    2021-04-03T17:18:14.803+00:00
    1. As long as you have an Active Directory bi-directional trust, you will be able to authenticate with users on both sides, even after the user has been migrated.
    2. You can script things, but if you are creating a new farm, then all the applications also have to change to reference the new farm name, URIs and certificates.
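
One way to script the farm side of the move mentioned in the answer, as an added example that is not part of the original thread or Microsoft's own tooling. The file path and function names are assumptions, and only the commonly used trust properties are carried over (access control policy parameters, token lifetime and SAML response locations are not).

```powershell
# Added example; the file path and function names are assumptions.
function Export-RpTrust {   # run on a node of the source farm
    param([string]$Path = 'C:\adfs-migration\rp-trusts.xml')
    Get-AdfsRelyingPartyTrust | ForEach-Object {
        [pscustomobject]@{
            Name        = $_.Name
            Identifier  = @($_.Identifier)
            MetadataUrl = [string]$_.MetadataUrl
            Transform   = $_.IssuanceTransformRules
            Authz       = $_.IssuanceAuthorizationRules
            Policy      = $_.AccessControlPolicyName
            SigAlg      = $_.SignatureAlgorithm
            WsFed       = [string]$_.WSFedEndpoint
            # Certificates do not survive Export-Clixml as usable objects; keep the raw bytes.
            EncCert     = if ($_.EncryptionCertificate) { [Convert]::ToBase64String($_.EncryptionCertificate.RawData) }
            SignCerts   = @($_.RequestSigningCertificate | ForEach-Object { [Convert]::ToBase64String($_.RawData) })
            Saml        = @($_.SamlEndpoints | Select-Object Binding, Protocol, Location, Index, IsDefault)
        }
    } | Export-Clixml -Path $Path -Depth 4
}

function Import-RpTrust {   # run on the primary node of the new farm
    param([string]$Path = 'C:\adfs-migration\rp-trusts.xml')
    $toCert = { param($b64) [Security.Cryptography.X509Certificates.X509Certificate2]::new([Convert]::FromBase64String($b64)) }
    foreach ($rp in Import-Clixml -Path $Path) {
        $p = @{ Name = $rp.Name; IssuanceTransformRules = $rp.Transform }
        if ($rp.Authz)  { $p.IssuanceAuthorizationRules = $rp.Authz }
        if ($rp.Policy) { $p.AccessControlPolicyName    = $rp.Policy }   # policy must already exist on the new farm
        if ($rp.MetadataUrl) {
            $p.MetadataUrl = $rp.MetadataUrl   # endpoints and certificates are read from the application's metadata
        } else {
            $p.Identifier = $rp.Identifier
            if ($rp.SigAlg)    { $p.SignatureAlgorithm = $rp.SigAlg }
            if ($rp.WsFed)     { $p.WSFedEndpoint = $rp.WsFed }
            if ($rp.EncCert)   { $p.EncryptionCertificate = & $toCert $rp.EncCert }
            if ($rp.SignCerts) { $p.RequestSigningCertificate = @($rp.SignCerts | ForEach-Object { & $toCert $_ }) }
            if ($rp.Saml) {
                $p.SamlEndpoint = @($rp.Saml | ForEach-Object {
                    New-AdfsSamlEndpoint -Binding $_.Binding -Protocol $_.Protocol -Uri $_.Location -Index $_.Index -IsDefault $_.IsDefault
                })
            }
        }
        Add-AdfsRelyingPartyTrust @p
    }
}
```

This re-creates the trusts on the new farm only. As the answer notes, each application still has to be repointed to the new farm name, URIs and certificates.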