
Can I run ADFS running in Azure with AD on prem

brentmattson
Occasional Contributor

Current setup

  • 1 ADFS server on prem
  • 1 WAP server on prem
  • 2 domain controllers on prem
  • Office 365 federated with ADFS
  • 1 Azure AD Connect server syncing AD to Azure 
  • 1 VPN to Azure (for testing at the moment)

I am looking for some advice on what to do with ADFS.  We would like to have some HA and DR in place. 

 

I am wondering if I could potentially either move my ADFS servers into Azure and host them there or have a DR site set up in Azure to failover to if we have issues. I also like the idea of putting a 3rd domain controller in Azure for DR which if we migrated ADFS into Azure I am thinking we would need.

 

Am I way off base here on how we could leverage Azure for hosting this?

Am I better off finding rackspace where we can host a couple physical servers off-site instead of spinning up virtual machines in Azure?

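3 Replies

You need a DC anyway for AD FS. This document describes a sample scenario: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs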

@Vasil Michev In this scenario can we have a couple AD servers on prem as well as in Azure?  Or would AD need to be fully in Azure?

You can, look at the diagrams, if nothing else...
