Standing down a standalone ADFS server.

Drew Cor 116 Reputation points
2020-12-17T14:43:18.297+00:00

We had one adfs server for SSO to a couple of external resources (NOT Microsoft). We have since added Enterprise apps in AzureAD for those resources and use AAD for our SSO.

I can find many docs on retiring one server from a farm but nothing standalone. Also nothing related to non-aad SSO.

The server is no longer needed. Can I just shut it down, delete the VM and any DNS records pointing to it?
Is there a proper procedure for shutting down the last (only) ADFS server? Is there anything that needs to be done in, for example, adsiedit?

Thanks!

Active Directory Federation Services

Accepted answer
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
2020-12-17T15:09:30.927+00:00

When you are sure you do not need the ADFS server you can just shut it down.

I would take a last backup with the Rapid Restore PowerShell module just in case you need to restore it.

If you want to be thorough, you can delete the DKM containers in AD:
[screenshot 49241-image.png: the ADFS DKM containers in AD]
They are visible only if you enable the Advanced Features in the View menu of the dsa.msc console and if you are connected with a domain admin account.

You can also delete the DNS record. Revoke the TLS certificate (if that was dedicated to ADFS) with the status Cease of Operation (although you might want to wait a couple of weeks in case you want to restore the farm, so you might just suspend it for now and set it to the status Certificate Hold). Disable the service account used for ADFS (then delete it). Decommission the WAP servers if any.

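The steps in the accepted answer, collected into one PowerShell script as an added example (this is not code from the original answer or from Microsoft). It assumes it is run on the AD FS server itself, as a domain admin, with the ADFSRapidRestoreTool, ActiveDirectory and DnsServer RSAT modules installed and an internal AD CS CA reachable by `certutil`. The zone, host, service account, CA config string and backup password are placeholders, and the `Backup-ADFS` parameter set is taken from the Rapid Restore Tool as I know it, so check it against the module you have installed. The order matters in one place: the DKM container DN and the SSL certificate hash are read from `Get-AdfsProperties` / `Get-AdfsSslCertificate` before the service is stopped, because those cmdlets need a running service.

```powershell
<#
 Added example, not part of the original answer: decommission the last (only)
 AD FS node following the accepted answer: backup, stop service, remove DKM
 container, remove DNS record, put the TLS cert on hold (or revoke), disable
 the service account. Run with -WhatIf first to see what it would do.
 Assumptions: run on the AD FS server as domain admin; ADFSRapidRestoreTool,
 ActiveDirectory and DnsServer modules present; AD CS CA reachable via certutil.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$BackupPath      = 'C:\AdfsDecommission\backup',       # placeholder
    [string]$BackupPassword  = 'CHANGE-ME-before-running',         # placeholder
    [string]$DnsServer       = 'dc01.corp.example',                # placeholder
    [string]$DnsZone         = 'corp.example',                     # placeholder
    [string]$DnsHostName     = 'adfs',                             # placeholder: the sts/adfs A record
    [string]$ServiceAccount  = 'svc_adfs',                         # placeholder
    [string]$CaConfig        = 'ca01.corp.example\Corp Issuing CA', # placeholder, certutil -config form
    [switch]$RevokeCertificate   # default is Certificate Hold (reason 6), reversible for a few weeks
)

Import-Module ActiveDirectory, DnsServer -ErrorAction Stop

# 1. Sanity checks: is anything still federated here, and is this really the only node?
$enabledTrusts = Get-AdfsRelyingPartyTrust | Where-Object Enabled | Select-Object -ExpandProperty Name
if ($enabledTrusts) {
    Write-Warning "Relying party trusts still enabled (confirm they were moved to Azure AD): $($enabledTrusts -join ', ')"
}
$farm = Get-AdfsFarmInformation -ErrorAction SilentlyContinue    # AD FS 2016 and later
if ($farm -and $farm.FarmNodes.Count -gt 1) {
    throw "Farm still has $($farm.FarmNodes.Count) nodes; this script is only for the last standalone node."
}

# 2. Read what we need while the service is still up.
$dkmContainer = (Get-AdfsProperties).CertificateSharingContainer   # DN under CN=ADFS,CN=Microsoft,CN=Program Data
$sslCert      = Get-AdfsSslCertificate | Select-Object -First 1

# 3. Last backup with the Rapid Restore Tool, including the DKM key material.
Import-Module ADFSRapidRestoreTool -ErrorAction Stop
if ($PSCmdlet.ShouldProcess($BackupPath, 'Backup-ADFS (with DKM)')) {
    New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
    Backup-ADFS -StorageType 'FileSystem' -StoragePath $BackupPath `
                -EncryptionPassword $BackupPassword -BackupDKM `
                -BackupComment 'Final backup before decommissioning standalone node'
}

# 4. Stop the service and keep it from coming back on reboot.
if ($PSCmdlet.ShouldProcess('adfssrv', 'Stop and disable service')) {
    Stop-Service adfssrv -Force
    Set-Service  adfssrv -StartupType Disabled
}

# 5. Remove the DKM container (the GUID-named child the farm used), recursively. Domain admin required.
if ($dkmContainer -and $PSCmdlet.ShouldProcess($dkmContainer, 'Remove DKM container and children')) {
    Remove-ADObject -Identity $dkmContainer -Recursive -Confirm:$false
}

# 6. Remove the A record clients used to reach the federation service.
$record = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $DnsZone `
              -Name $DnsHostName -RRType A -ErrorAction SilentlyContinue
if ($record -and $PSCmdlet.ShouldProcess("$DnsHostName.$DnsZone", 'Remove A record')) {
    Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $DnsZone `
                                   -Name $DnsHostName -RRType A -Force
}

# 7. Certificate: reason 6 = Certificate Hold (reversible), 5 = Cessation of Operation (final).
if ($sslCert) {
    $cert = Get-ChildItem "Cert:\LocalMachine\My\$($sslCert.CertificateHash)" -ErrorAction SilentlyContinue
    if ($cert) {
        $reason = if ($RevokeCertificate) { 5 } else { 6 }
        if ($PSCmdlet.ShouldProcess($cert.SerialNumber, "certutil -revoke reason $reason")) {
            certutil -config $CaConfig -revoke $cert.SerialNumber $reason
        }
    }
}

# 8. Disable (not yet delete) the service account so a restore is still possible.
if ($PSCmdlet.ShouldProcess($ServiceAccount, 'Disable AD account')) {
    Disable-ADAccount -Identity $ServiceAccount
}
```

Run it once with `-WhatIf` to review every destructive step, then for real without the switch. The default leaves the certificate on hold and the service account disabled rather than deleted, which matches the answer's suggestion to wait a couple of weeks before making the decommission final; rerun later with `-RevokeCertificate` and delete the account and VM once nothing has called for a restore.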
