Forum Discussion

Peter Holland's avatar
Peter Holland
Iron Contributor
Jan 26, 2018

ADFS Device Registration cross forest

Hi all,

 

is it possible to do device registration (and claims) across a forest trust?

 

it looks to me like it isnt possible due to the limitation of the Enable-AdfsDeviceRegistration -DeviceLocation command being "a domain within the same forest"

 

is there any other way to make this work cross forest? or is this a scenario for additional ADFS farms or moving to Azure AD registration and authentication?

(tagged ADFS 2016, its actually 2012 R2)

 

Thanks 

Pete

ADFS
Authentication
On-Premises
  • Erick Nwanshi's avatar
    Erick Nwanshi
    Copper Contributor
    Mar 08, 2018

    Hi Peter,

     

    Not sure if you found the answer to your question; basically registered devices are stored in a single location - which is the one you specify for -DeviceLocation.

    This should not impact your cross-forest scenario. Unfortunately, as always with everything ADFS, documentation on not-too-standard deployments is thin...

     

     

    Regards,

    Erick

Resources