Forum Discussion
Advice on moving from AD Connect with Password Sync to ADFS
- Apr 06, 2017
You can reuse the existing server, that's not a problem. Having a single AD FS server (or WAP one) is a recipe for disaster however, you should have at minimum 2+2 to ensure HA.
You can use Server 2016. You can use the AD FS server to restrict logins based on criteria such as IP or protocol used, but the implementation depends on several factors (such as the use of Modern authentication), and in some cases Conditional access might be a better solution. I don't have enough time to write a proper answer now, but this has been discussed numerous times already, do a search on the internet to find the relevant articles.
You can find the instructions about switching between federated and managed IDs with password sync here: https://social.technet.microsoft.com/wiki/contents/articles/17857.dirsync-how-to-switch-from-single-sign-on-to-password-sync.aspx
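As an added illustration (not part of the thread above), this is one way the IP-based restriction mentioned in the reply is expressed on AD FS 2012 R2 / 2016: issuance authorization claim rules on the Office 365 relying party trust that deny extranet requests unless the forwarded client IP matches the corporate egress range. The relying party name and the 203.0.113.0/24 egress range are assumptions.

```powershell
# Added example (not from this thread): deny extranet sign-ins to the
# Office 365 relying party unless they come from a corporate egress IP.
# Assumed values: the RP display name and the egress address pattern
# (203.0.113.0/24 is a documentation range, used here as a placeholder).
$rpName = "Microsoft Office 365 Identity Platform"

# Keep a copy of the current rules so the change can be reverted.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
$rp.IssuanceAuthorizationRules | Out-File "$env:TEMP\o365-authz-rules.bak.txt"

# Request-context claims AD FS attaches to every request:
#   x-ms-proxy                present when the request arrived via a WAP
#   x-ms-forwarded-client-ip  original client IP (set by WAP, or by
#                             Exchange Online for active/legacy auth)
$proxy    = "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"
$clientIp = "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip"
$deny     = "http://schemas.microsoft.com/authorization/claims/deny"
$permit   = "http://schemas.microsoft.com/authorization/claims/permit"

# Anchored regex for the allowed egress range (assumed: 203.0.113.0/24).
$egressPattern = '^203\.0\.113\.\d{1,3}$'

# A deny claim issued by any rule overrides permit, so the permit rule
# below only applies to requests the first rule did not match.
$rules = @"
@RuleName = "Deny extranet requests not from corporate egress IPs"
exists([Type == "$proxy"])
 && NOT exists([Type == "$clientIp", Value =~ "$egressPattern"])
 => issue(Type = "$deny", Value = "true");

@RuleName = "Permit everything else"
 => issue(Type = "$permit", Value = "true");
"@

Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $rules

# Verify what is now applied.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceAuthorizationRules
```

On Server 2016 a relying party that already has an access control policy assigned must have that policy cleared before custom issuance authorization rules can be set, and intranet (non-WAP) requests are untouched by the deny rule because it requires the x-ms-proxy claim.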
Thanks Vasil.