If you are looking to migrate those apps to Azure AD: https://www.microsoft.com/en-us/security/business/identity-access/upgrade-adfs and https://techcommunity.microsoft.com/t5/community-events-list/microsoft-workshops-how-to-successfully-migrate-away-from-ad-fs/m-p/3668480
How do I sync my on-prem ADFS server certificates with Azure ADFS? or vice versa.
Timothy Lee, 1 Reputation point
We have an on-prem ADFS server and Azure ADFS servers; currently the Azure ones have priority on the LB, but I checked our on-prem one and the Token-Signing and Token-Decrypting certificates are different on each server. It seems like AutoCertificateRollover ran independently on each, and now I have mismatching certs: the secondary certs are the same on both sets of servers, but the primary (new auto-created) certs have different thumbprints.
I guess I have 2 questions:
- Does it matter that the certificates are not the same?
- How do I sync them? I've tried running Update-AdfsCertificate -CertificateType Token-Decrypting -Urgent and Update-AdfsCertificate -CertificateType Token-Signing -Urgent, then running Update-MsolFederatedDomain -DomainName <domain> -SupportMultipleDomain on the on-prem ADFS server, but that didn't update the certs in Azure and now they are completely different...
Any help would be much appreciated,
Thanks,
Tim
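The check the question is effectively asking for, as an added example that is not part of the original question or of any answer on this page: it lists the primary Token-Signing and Token-Decrypting thumbprints on every AD FS node, flags any type whose primary differs between nodes, and compares the farm's signing certificate with the one Azure AD currently holds for the federated domain. Node names and the domain are placeholders; it assumes Connect-MsolService has already been run and that Get-MsolFederationProperty reports its two rows with Source values containing "ADFS Server" and "Office 365".

```powershell
# Added example, not from the original post. Placeholders: node names and domain.
# Assumes an account with AD FS admin rights on every node and Azure AD admin
# rights, with the MSOnline module already connected (Connect-MsolService).
$AdfsNodes = @('ONPREM-ADFS01', 'AZURE-ADFS01', 'AZURE-ADFS02')   # placeholders
$Domain    = 'example.com'                                         # placeholder

# 1. Collect the primary certificate of each type from every node in the farm.
$farmCerts = foreach ($node in $AdfsNodes) {
    Invoke-Command -ComputerName $node -ScriptBlock {
        Get-AdfsCertificate | Where-Object { $_.IsPrimary } |
            Select-Object @{ n = 'Node'; e = { $env:COMPUTERNAME } },
                          CertificateType, Thumbprint
    }
}
$farmCerts | Format-Table Node, CertificateType, Thumbprint -AutoSize

# 2. A type with more than one distinct primary thumbprint means the nodes
#    rolled their certificates over independently (the situation in the question).
$mismatched = $farmCerts | Group-Object CertificateType |
    Where-Object { @($_.Group.Thumbprint | Sort-Object -Unique).Count -gt 1 }
foreach ($m in $mismatched) {
    Write-Warning ("Primary {0} certificate differs across nodes: {1}" -f
        $m.Name, ($m.Group.Thumbprint -join ', '))
}

# 3. Compare with what Azure AD holds for the domain. The row whose Source
#    mentions Office 365 is Azure AD's copy; the other is read from the farm.
$fed = Get-MsolFederationProperty -DomainName $Domain
foreach ($f in $fed) {
    '{0,-24} {1}' -f $f.Source, $f.TokenSigningCertificate.Thumbprint
}
$cloudThumb = ($fed | Where-Object { $_.Source -like '*Office 365*' }).
                  TokenSigningCertificate.Thumbprint
$farmSigning = @($farmCerts | Where-Object { $_.CertificateType -eq 'Token-Signing' }).
                  Thumbprint | Sort-Object -Unique
if ($cloudThumb -notin $farmSigning) {
    Write-Warning ("Azure AD trusts token-signing cert {0}, which is the primary on none " +
        "of the nodes; tokens signed by those nodes will be rejected until " +
        "Update-MsolFederatedDomain is run from the node whose certificate should win.") -f $cloudThumb
}
```

Run it once before and once after re-running Update-MsolFederatedDomain so the before/after thumbprints are recorded.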
1 answer

Mark Morowczynski, 251 Reputation points, Microsoft Employee
2023-01-22T14:46:50.4233333+00:00