I am currently working with a customer on an Office 365 migration.
1. Currently the customer has an existing ADFS 2.0 infrastructure with an endpoint, say sts.domainA.com. domainA is only available externally and there is no internal DNS zone for domainA locally. Internal users that currently consume ADFS applications are redirected to the external ADFS sts.domainA.com (no split-brain scenario for domainA.com).
2. All internal users currently have their UPN as domainB.local, which we plan to change/remove.
3. Due to new company branding, users' email addresses will be changing to user@domainC.com. For best practice, we are planning to change users' UPN in Active Directory to domainC.com to match their email addresses.
My questions are:
1. Can I use the same ADFS endpoint sts.domainA.com for federating the new domain domainC.com with Office 365?
2. Do I need an internal DNS zone for domainA.com?
3. Is it worth building a new ADFS infrastructure to match our new email/UPN, i.e. sts.domainC.com?
Not a requirement, but recommended. All your network traffic is going from external via proxy to your internal servers. This requires excellent latency and bandwidth, especially if a lot of your users log in to AD FS from external via proxy.
Some companies have no split-brain DNS as well, but they do some routing tricks at the load balancer or proxy to re-route specific client IPs directly to internal ...