Azure AD Connect user sign-in options

Davidddddd 26 Reputation points
2019-12-31T11:07:18.283+00:00

We are going through the unnecessarily complicated process of migrating Azure AD Connect to a new server. (Surely they could automate the migration to a new Azure AD Connect with the same configuration?)

In this environment, users currently sign in to Azure / Office 365 using Federation with AD FS.

When looking at the sign-in screen in the current Azure AD Connect instance, I was expecting to see the current sign-in method that is being used selected. But instead, it simply shows no options as selected. I'm assuming this is because the current Azure AD Connect instance was originally installed before most of these options were ever available. I assume then that Azure AD Connect has not been used at all to manage AD FS, even though AD FS is running Windows 2012 R2 currently. I also noticed there is no folder %ProgramData%\AADConnect\ADFS containing AD FS backup files, which also indicates that Azure AD Connect is not currently managing AD FS.
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-azure-ad-trust

So onto my questions.

If I select the sign-in option "Federation with AD FS", I understand that Azure AD Connect will start to manage AD FS in respect to the Azure AD trust and the AD FS certificates. At this time, I prefer for Azure AD Connect to not manage this. I just want to migrate to a new Azure AD Connect for now.

If I select the sign-in option "Do not configure", am I correct in my understanding that it will simply leave the authentication alone and AD FS will continue to simply work as it did before? If so, I will go with selecting this option. Are there any drawbacks to be aware of?


3 answers

  1. Andy David 701 Reputation points
    2019-12-31T13:29:22.253+00:00

    Correct, if you choose "Do not configure", no changes will be made to your existing ADFS architecture.

    1 person found this answer helpful.

  2. David Bird 1 Reputation point
    2020-02-13T14:47:23.813+00:00

    I'm currently in the same situation and had the exact same question. Thankfully I found the following blog post which says to select "Do not configure" if you already have AD FS configured in your environment. Microsoft's documentation should be more clear about this and mention "Do not configure" is an option if you have an existing AD FS infrastructure and are performing a swing migration of Azure AD Connect.

    https://www.franken.pro/blog/azure-ad-connect-swing-migration-single-multiple-sync-server-towards-one-azure-ad-tenant


  3. Eirik Lindem 6 Reputation points
    2020-10-22T07:00:38.27+00:00

    Hi.
    Sorry to hijack this question, but I am in a similar situation.
    Rather than not letting Azure AD Connect manage my ADFS, I want to change that, but I am afraid of the consequences of changing the sign-in method from "not configured" to "federated sign-in".
    I am currently using "federated sign-in", just not configured by Azure AD Connect.
    Can I break something when changing the setting in Azure AD Connect?

    Thanks..
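
Added example, not written by any poster in this thread and not Microsoft's own tooling: a PowerShell script that records the Azure AD relying party trust and the AD FS token-signing certificates before the Azure AD Connect sign-in option is touched, then compares them afterwards, so the "no changes" outcome discussed above can be checked. The script name, the baseline path and the choice of settings to record are assumptions; the cmdlets come from the ADFS module on the AD FS server.

```powershell
# Added example: baseline and re-check the AD FS side of the Azure AD federation.
# Run elevated on the primary AD FS server. Script name below is hypothetical:
#   .\Test-AadTrust.ps1 -Mode Snapshot   # before touching Azure AD Connect
#   .\Test-AadTrust.ps1 -Mode Compare    # after the new server is configured
param(
    [ValidateSet('Snapshot', 'Compare')]
    [string]$Mode = 'Snapshot',
    [string]$Path = "$env:ProgramData\aad-trust-baseline.json"  # assumed location
)
Import-Module ADFS -ErrorAction Stop

function Get-Sha256([string]$Text) {
    # Hash long rule sets so the baseline stays small and easy to diff.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($Text))) -replace '-' }
    finally { $sha.Dispose() }
}

function Get-TrustState {
    # urn:federation:MicrosoftOnline identifies the Azure AD relying party trust.
    $rp = Get-AdfsRelyingPartyTrust -Identifier 'urn:federation:MicrosoftOnline'
    if (-not $rp) { throw 'Azure AD relying party trust not found on this farm.' }
    $signing = Get-AdfsCertificate -CertificateType Token-Signing |
        Sort-Object Thumbprint | ForEach-Object { $_.Thumbprint }
    [ordered]@{
        Enabled                 = [bool]$rp.Enabled
        IssuanceRulesSha256     = Get-Sha256 $rp.IssuanceTransformRules
        AuthorizationSha256     = Get-Sha256 $rp.IssuanceAuthorizationRules
        TokenSigningThumbprints = @($signing) -join ','
        AutoCertificateRollover = [bool](Get-AdfsProperties).AutoCertificateRollover
    }
}

$now = Get-TrustState
if ($Mode -eq 'Snapshot') {
    $now | ConvertTo-Json | Set-Content -Path $Path -Encoding UTF8
    Write-Output "Baseline written to $Path"
    return
}

# Compare mode: report every recorded setting that differs from the baseline.
$base = Get-Content -Path $Path -Raw | ConvertFrom-Json
$drift = foreach ($key in $now.Keys) {
    if ([string]$base.$key -ne [string]$now[$key]) {
        [pscustomobject]@{ Setting = $key; Baseline = $base.$key; Current = $now[$key] }
    }
}
if ($drift) { $drift | Format-Table -AutoSize; exit 1 }
Write-Output 'No drift: trust rules and token-signing certificates match the baseline.'
```

A non-zero exit in Compare mode means at least one recorded setting changed since the snapshot; the table shows which one.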