
Can I run ADFS running in Azure with AD on prem

brentmattson
Occasional Contributor

Current setup

  • 1 ADFS server on prem
  • 1 WAP server on prem
  • 2 domain controllers on prem
  • Office 365 federated with ADFS
  • 1 Azure AD Connect server syncing AD to Azure 
  • 1 VPN to Azure (for testing at the moment)

I am looking for some advice on what to do with ADFS.  We would like to have some HA and DR in place. 

 

I am wondering if I could potentially either move my ADFS servers into Azure and host them there or have a DR site set up in Azure to fail over to if we have issues. I also like the idea of putting a 3rd domain controller in Azure for DR, which if we migrated ADFS into Azure I am thinking we would need.

 

Am I way off base here on how we could leverage Azure for hosting this?

Am I better off finding rackspace where we can host a couple physical servers off-site instead of spinning up virtual machines in Azure?

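3 Replies

You need a DC anyway for AD FS. This document describes a sample scenario: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs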

@Vasil Michev In this scenario can we have a couple AD servers on prem as well as in Azure?  Or would AD need to be fully in Azure?

You can, look at the diagrams, if nothing else...