Get rid of on Premise ADFS server

Question

Hello everyone

I have a task , to get rid of on premise ADFS server, currently AD migrated to Azure with all functions and Azure has ADFS services set.
I would like to understand is there a clear guide from Microsoft how to do this procedure and just demote ADFS server on prem.

Thanks in advance.

Answer 1

Hi @Mikayel Mikayelyan , my colleague Vipul answered a similar question recently here. Here is what you should do:

1) You will need to make sure to remove there ADFS entries from any of the load balancers (internal as well as external) you might have configured for them.

2) Delete any corresponding DNS entries for ADFS servers in your environment.

3) On the primary ADFS server run (Get-ADFSProperties) and look for CertificateSharingContainer. Keep a note of this DN, as you will need to delete it near the end of the installation (after a few reboots and when it is not available any more)
• Remove the content in this DN using ADSI Edit after uninstallation.

4) Uninstall the WAP (Proxy) Servers.
• Login to each WAP server, open the Remote Access Management Console and look for published web applications.
• Remove any related to ADFS that are not being used any more.
• When all the published web applications are removed, uninstall WAP with the following Remove-WindowsFeature Web-Application-Proxy,CMAK,RSAT-RemoteAccess.

5) Uninstall the ADFS Servers.
• Starting with the secondary nodes, uninstall ADFS with Remove-WindowsFeature ADFS-Federation,Windows-Internal-Database
• After this run del C:\Windows\WID\data\adfs* to delete the database files and

6) You can now safely delete your ADFS Account.

I hope this helps! If you still need assistance please let me know. If not, please mark this answer as verified.

Thank you,
James