Exchange and ADFS

Question

Hello

I have Exchange 2016 hybrid with federated domain and 2 ADFS + 2 WAP servers .

I want to extend the whole setup to DR site , How can i do DR for ADFS and WAP servers?

what are the required setup for ADFS and DR in DR site and the changes required on Exchange servers?

Answer 1

Please specify the following:

• Do you federate Exchange and ADFS directly for OWA, or do you have an Exchange Online environment and your AD FS to for all Office 365 workload, not only Exchange.

Federation with all office 365 workload

• What version of AD FS are you using?

ADFS 2016

• Is there any reason why you want to still use AD FS as opposed as other authentication methods which do not have the same challenges in terms of high availability?

According security regulation , The security process should happen in Onprmise

Answer 2

Please find answers:

• Federation with all office 365 workload
• • ADFS 2016
• • According security regulation , The security process should happen in Onprmise

Answer 3

By "security process" you mean authentication I suppose? PTA offers a way to keep the authentication on-premises without having to maintain an AD FS infrastructure: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta

If you want to stay with AD FS, you can add multiple AD FS and WAP server to a farm. We do publish some guidance on how to install a part on that in Azure to increase your availability, you might want to have a look there:

• Deploying Active Directory Federation Services in Azure
• High availability cross-geographic AD FS deployment in Azure with Azure Traffic Manager

You might also want to consider monitoring the AD FS servers with Azure AD Connect Health agents: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-adfs.

Answer 4

So ADFS Farm can be extended through multiple AD sites?