cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Using existing external ADFS infrastructure with New office 365 setup

Victor bassey
Copper Contributor

‎Mar 12 2018 08:56 AM - last edited on ‎Feb 01 2023 09:19 AM by

‎Mar 12 2018 08:56 AM - last edited on ‎Feb 01 2023 09:19 AM by

Using existing external ADFS infrastructure with New office 365 setup

Dear Team I am currently wotking with a customer on an office 365 migration. 1. Currently customer has an exising ADFS 2.0 Infrastructure with endpoint say sts.domainA.com. domainA is only available externally and there is not internal DNS zone for domainA locally. Internal users that currently consume ADFS applications are re-directed to the external ADFS sts.domainA.com (no split-brain scenario for domainA.com) 2. All intenal users currenlt have their upn as domainB.local which we plan to change/remove. 3. Due to new company branding, users emails address will be changing to user@domainC.com. for best practice, we are planning to change user's upn in active directory to domainC.com to match their email addresses. My questions are: 1. Can i use the same adfs endpoint sts.domainA.com for federating the new domain domainC.com with office 365? 2. Do i need an internal dns zone for domainA.com? 3. is it worth building a new ADFS infrastructure to match our new email/upn i.e. sts.domainC.com Regards Victor
Labels:
1,441 Views
0 Likes
3 Replies
Reply
3 Replies
Dominik Hoefling

‎Mar 13 2018 03:18 AM

‎Mar 13 2018 03:18 AM

Re: Using existing external ADFS infrastructure with New office 365 setup

1. Yes. You can use sts.domainA.com for every federated domain.

2. You should use split-brain DNS, this is a recommendation and best practices using AD FS and Office 365, also if you are plan to use Exchange hybrid.

3. No, you can use a single AD FS instance.

 

Best,

Dominik

0 Likes
Reply
best response confirmed by Victor bassey (Copper Contributor)
Victor bassey

‎Mar 13 2018 06:33 AM

‎Mar 13 2018 06:33 AM

Solution

Re: Using existing external ADFS infrastructure with New office 365 setup

Thanks Dominic for the response. Is split-brain dns a requirement for exchange online hybrid deployment? Can you shed more light on the impact of not using split dns?

 

Yhank you once again.

victor

0 Likes
Reply
Dominik Hoefling

‎Mar 14 2018 08:11 AM

‎Mar 14 2018 08:11 AM

Re: Using existing external ADFS infrastructure with New office 365 setup

Not a requirement, but recommended. All your network traffic is going from external via proxy to your internal servers. This requires excellent latency and bandwidth, especially if a lot of your users login to ad fs from external via proxy.

 

Some companies have no split-brain dns as well, but they do some routing-tricks at the load balancer or proxy to re-route specific client ips directly to internal ...

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Victor bassey (Copper Contributor)
Victor bassey

‎Mar 13 2018 06:33 AM

‎Mar 13 2018 06:33 AM

Solution

Re: Using existing external ADFS infrastructure with New office 365 setup

Thanks Dominic for the response. Is split-brain dns a requirement for exchange online hybrid deployment? Can you shed more light on the impact of not using split dns?

 

Yhank you once again.

victor

View solution in original post

0 Likes
Reply