Forum Discussion
ADFS 2016 Requirements Schema
- Sep 15, 2017
There is a known issue with that.
The 2016 farm behavior level requires the ADDS 2016 schema (DC can be at a lower level, but the schema needs to be 2016). BUT, when you install a brand new farm from scratch using Windows Server 2016 it will show as the FBL is already 2016 regardless of the ADDS schema version. This, hopefully, should be corrected.
If you want to use the FBL 2016 you need ADDS 2016 Schema. So we cannot guarantee that the new features will be working as expected.
If you were doing an upgrade from an existing ADFS 2012 R2 farm, you would not have been able to upgrade the FBL until the ADDS schema is 2016.
So if I have an ADFS 2012 R2 with 2012 R2 AD and want to add a completely separate ADFS 2016 farm to the same AD (different farm name), then I could? It would be OK with the 2012 schema level? It would just think it's running a higher schema level?
Thanks
Jay
- Pié, Jan 08, 2018
Microsoft
You can install several farms in the same domain/forest. As long as they have different FQDNs and IDs, they do not conflict from a federation perspective. You might consider using a different service account (or gMSA) though. Then if you need to do an operation on the service account itself, it does not impact the two farms.
However, all farms of the ADDS forest will share the same Device Registration Service (DRS) configuration as it is a forest-wide setting (stored in the configuration partition). If you do not use DRS, or plan to use it only on one farm, then you don't really mind.
Regarding the schema requirement, it is the same as previously mentioned. In other words, you need the 2016 ADDS schema to use the FBL 2016 of your farm. You do not need Windows Server 2016 domain controllers but you need the schema. If you do not have the schema, some of the features that come with the 2016 FBL will not work. To be on a supported 2016 FBL, you need a 2016 ADDS schema.
Hope this helps!
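A check for the mismatch described in this thread, as an added example that is not part of any poster's reply: it compares the forest schema version with the farm behavior level AD FS reports. The function name `Test-AdfsFblSchema` is hypothetical; the value mappings (schema `objectVersion` 69 = 2012 R2, 87 = 2016; `CurrentFarmBehavior` 1 = 2012 R2, 3 = 2016) are stated here and are not taken from the thread, apart from schema 69.

```powershell
# Added example. Run on an AD FS 2016 farm node that also has the
# ActiveDirectory (RSAT) module installed.
Import-Module ActiveDirectory
Import-Module ADFS

function Test-AdfsFblSchema {
    # Schema version lives in objectVersion on the schema naming context.
    # 69 = Windows Server 2012 R2 schema, 87 = Windows Server 2016 schema.
    $schemaNc      = (Get-ADRootDSE).schemaNamingContext
    $schemaVersion = (Get-ADObject -Identity $schemaNc -Properties objectVersion).objectVersion

    # Farm behavior level as reported by AD FS: 1 = 2012 R2, 3 = 2016.
    $fbl = (Get-AdfsFarmInformation).CurrentFarmBehavior

    $schema2016 = 87
    $fbl2016    = 3

    # The case from the thread: a fresh 2016 farm reports FBL 2016
    # even though the forest schema has not been extended.
    $mismatch = ($fbl -ge $fbl2016) -and ($schemaVersion -lt $schema2016)

    [pscustomobject]@{
        SchemaVersion       = $schemaVersion
        FarmBehaviorLevel   = $fbl
        SchemaMeetsFbl2016  = ($schemaVersion -ge $schema2016)
        ReportedFblMismatch = $mismatch
    }
}

$result = Test-AdfsFblSchema
$result | Format-List

if ($result.ReportedFblMismatch) {
    Write-Warning ("Farm reports FBL {0} but the forest schema is version {1}; " +
        "FBL 2016 features need the 2016 schema." -f
        $result.FarmBehaviorLevel, $result.SchemaVersion)
}
```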
- Jamil Hassan, Jan 08, 2018, Copper Contributor
Thanks Pierre for your help.
The issue that I have is that we have one AD on 2012 R2 Schema 69 with ADFS 2012 R2.
We have a new ADFS 2016 server with ADFS and wish to add it to the same AD.
We can't raise the schema yet, but I'm wondering whether ADFS 2016 would work at all on an AD 2012 R2 schema 69. I think from what I have read in the responses that it should work, but without the latest features. I'm wondering whether ADFS 2016 would think it's running at FBL 2016 automatically on a fresh install and whether it would cause any issues.
- Jamil Hassan, Jan 08, 2018, Copper Contributor
And could I lower the farm level to 2012 on the ADFS 2016 server?