Using existing external ADFS infrastructure with New office 365 setup

Dear Team,

I am currently working with a customer on an Office 365 migration.

1. Currently the customer has an existing ADFS 2.0 infrastructure with an endpoint (say, domainA) that is only available externally, and there is no internal DNS zone for domainA locally. Internal users that currently consume ADFS applications are redirected to the external ADFS (no split-brain scenario for
2. All internal users currently have their UPN as domainB.local, which we plan to change/remove.
3. Due to new company branding, users' email addresses will be changing to , and for best practice we are planning to change users' UPNs in Active Directory to match their email addresses.

My questions are:

1. Can I use the same ADFS endpoint for federating the new domain with Office 365?
2. Do I need an internal DNS zone for ?
3. Is it worth building a new ADFS infrastructure to match our new email/UPN, i.e. ?

Regards,
Victor
3 Replies

1. Yes. You can use it for every federated domain.

2. You should use split-brain DNS; this is a recommendation and best practice when using AD FS and Office 365, and also if you plan to use Exchange hybrid.

3. No, you can use a single AD FS instance.
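The procedure behind answers 1 and 3, as an added example that is not part of the thread: federating a second domain against the existing AD FS farm, checking that both domains point at the same federation endpoints, and moving users' UPNs from domainB.local to the new e-mail domain. All names here are hypothetical (adfs01.domainB.local as the primary AD FS server, domainA.com as the already-federated domain, newbrand.com as the new domain), and it assumes the MSOnline and ActiveDirectory PowerShell modules are installed and that the new domain has already been added and verified in the tenant.

```powershell
# Added example, not code from the original post. Hypothetical names:
#   $AdfsServer  - primary AD FS server in the existing farm
#   $ExistingDom - domain already federated with Office 365
#   $NewDomain   - new e-mail/UPN domain to federate against the SAME farm
Import-Module MSOnline
Import-Module ActiveDirectory

$AdfsServer   = 'adfs01.domainB.local'
$ExistingDom  = 'domainA.com'
$NewDomain    = 'newbrand.com'
$OldUpnSuffix = 'domainB.local'

Connect-MsolService
Set-MsolADFSContext -Computer $AdfsServer

# 1. The new domain must already be added and verified in the tenant.
$dom = Get-MsolDomain -DomainName $NewDomain
if ($dom.Status -ne 'Verified') {
    throw "$NewDomain is not verified in the tenant yet"
}

# 2. One AD FS farm can serve several federated domains only when every
#    federated domain is configured with -SupportMultipleDomain, so the
#    issuer claim carries http://<domain>/adfs/services/trust/ per domain.
#    If the first domain was federated without it, update it first.
Update-MsolFederatedDomain -DomainName $ExistingDom -SupportMultipleDomain

# 3. Federate the new domain against the same farm / same endpoint.
Convert-MsolDomainToFederated -DomainName $NewDomain -SupportMultipleDomain

# 4. Check: both domains must report the same federation service URIs.
foreach ($d in $ExistingDom, $NewDomain) {
    Get-MsolFederationProperty -DomainName $d |
        Select-Object Source, FederationServiceIdentifier, PassiveLogOnUri
}

# 5. Add the new UPN suffix to the forest and move users off domainB.local,
#    keeping UPN == primary SMTP address so the sign-in name matches e-mail.
#    -WhatIf shows the changes; remove it once the output looks right.
Set-ADForest -Identity (Get-ADForest).Name -UPNSuffixes @{ add = $NewDomain }

Get-ADUser -Filter "UserPrincipalName -like '*@$OldUpnSuffix'" -Properties mail |
    Where-Object { $_.mail -like "*@$NewDomain" } |
    ForEach-Object {
        Set-ADUser -Identity $_ -UserPrincipalName $_.mail -WhatIf
    }
```

Two caveats worth checking in your own tenant: Convert-MsolDomainToFederated refuses to add a second domain to a farm whose first domain was not federated with -SupportMultipleDomain, which is why step 2 runs first; and in older tenants a UPN change on an already synchronised user was not picked up by directory sync and had to be applied on the cloud object with Set-MsolUserPrincipalName, so verify the cloud UPN after the next sync cycle rather than assuming it followed.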





Thanks, Dominic, for the response. Is split-brain DNS a requirement for an Exchange Online hybrid deployment? Can you shed more light on the impact of not using split DNS?


Thank you once again.


Not a requirement, but recommended. All your network traffic goes from outside via the proxy to your internal servers. This requires excellent latency and bandwidth, especially if a lot of your users log in to AD FS from outside via the proxy.


Some companies have no split-brain DNS as well, but they do some routing tricks at the load balancer or proxy to re-route specific client IPs directly to internal ...
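What the split-brain recommendation looks like in practice, as an added example that is not part of the thread: an internal DNS zone that holds only the federation service host name, so internal clients resolve it to the internal AD FS farm while the public zone keeps pointing at the proxy, followed by a check that the two views actually differ. Names and addresses are hypothetical (sts.domainA.com as the federation service name, 10.0.1.50 as the internal farm VIP, dc01.domainB.local as an internal DNS server); it assumes the DnsServer RSAT module and rights to create zones on that server.

```powershell
# Added example, not code from the original post. Hypothetical values:
#   $FederationFqdn - AD FS federation service name (same for every domain)
#   $InternalVip    - load-balancer VIP of the internal AD FS farm
#   $DnsServer      - an internal DNS server (domain controller)
#   $PublicResolver - any public resolver, used only to see the external view
Import-Module DnsServer

$FederationFqdn = 'sts.domainA.com'
$InternalVip    = '10.0.1.50'
$DnsServer      = 'dc01.domainB.local'
$PublicResolver = '8.8.8.8'

# Create the zone under the full host name rather than domainA.com itself.
# That way the internal servers hold a single record and you never have to
# mirror (and keep in sync) every other record of the public domainA.com zone.
$zone = Get-DnsServerZone -Name $FederationFqdn -ComputerName $DnsServer -ErrorAction SilentlyContinue
if (-not $zone) {
    Add-DnsServerPrimaryZone -Name $FederationFqdn -ReplicationScope Forest -ComputerName $DnsServer
}

# The zone apex ('@') is the federation service name; point it at the farm VIP.
$existing = Get-DnsServerResourceRecord -ZoneName $FederationFqdn -Name '@' -RRType A -ComputerName $DnsServer -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $FederationFqdn -Name '@' -IPv4Address $InternalVip -ComputerName $DnsServer
}

# Check: the internal answer should be the farm VIP, the public answer the
# proxy. If both match, internal clients are still hairpinning through the
# proxy (and, because the proxy uses forms authentication, they also lose
# Windows integrated SSO that the internal farm would give them).
$internal = (Resolve-DnsName -Name $FederationFqdn -Type A -Server $DnsServer).IPAddress
$external = (Resolve-DnsName -Name $FederationFqdn -Type A -Server $PublicResolver).IPAddress

"$FederationFqdn -> internal: $internal ; external: $external"
if ($internal -contains $external) {
    Write-Warning "No split-brain in effect: internal clients resolve $FederationFqdn to the proxy address."
}
```

Because the federation service name is the same for every domain federated with the farm, this single internal zone covers domainA and the new e-mail domain alike; nothing per-domain needs to be added for the new branding.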