I've inherited a domain set up as abc.local.
Within the domain are many, many services and applications.
Exchange is on-site, and there is a very small but growing cloud presence.
Changing the domain from abc.local to an outside domain such as abc.com
isn't going to happen.
I've been tasked to create an ADFS portal to the outside world for single sign-on
that will allow outside services to be routed inwards and to be able to get our inside
applications to the outside more easily.
This is where all the fun begins. Since it is currently an abc.local domain, there are no SSL certificate services that will or can verify the domain information. So that meant that I had to use an outside registrable domain name such as abc.net.
I've got my WAP server set up in the outside DMZ as a stand-alone server. It has my SSL wildcard certificate for the new abc.net domain. I can get said WAP server to see my internal domain through DNS with NO issue.
The part that I get tripped up on is getting the WAP to tie correctly to the ADFS server. It, too, has the SSL wildcard certificate used on the WAP server set up. However, when trying to tie them together, I constantly get errors about not being able to communicate correctly.
Second scenario: same issue with the above abc.local domain; I decided to put in a pristine domain forest altogether, abc.net, to act as a bypass domain. Set up a domain controller and all associated GPs, Sites & Services, etc. Set up the trust relationship with the abc.local domain, a complete two-way transitive trust, to ensure that this domain would be able to authenticate users from the associated abc.local domain. The WAP server will again be set up in the DMZ with the associated SSL wildcard certificate and be able to see both forests. The ADFS server will be registered into the new abc.net domain, as well as an MSSQL 2017 server for the database.
Has anyone got an idea of what may or may not be causing issues on the first setup, and be able to guide me in fixing it?
On the second scenario: is this a common method of getting around the issues of abc.local domains, or is there a simpler way to deal with it? If it's a common method, am I missing anything?
ALL help is greatly appreciated.
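The WAP-to-ADFS "cannot communicate" failures described in the first scenario almost always come down to one of three prerequisites on the WAP side: the federation service name must resolve from the DMZ to the internal ADFS server (split DNS or a hosts-file entry, since the public record will point at the WAP itself), TCP 443 must be open from the WAP to ADFS, and the certificate thumbprint handed to Install-WebApplicationProxy must be the same thumbprint that is bound to the ADFS SSL endpoint (Get-AdfsSslCertificate on the ADFS server), present in LocalMachine\My with its private key and a chain the WAP trusts. The script below is an added diagnostic written for this thread; it is not code from the original post. The federation service name sts.abc.net and the subject filter are assumptions, so substitute the real values before running it on the WAP server.

```powershell
# Added diagnostic for WAP -> ADFS trust prerequisites (not from the original post).
# Run in an elevated PowerShell session on the Web Application Proxy server.
# ASSUMPTION: the federation service name below is a placeholder; use your real FQDN.
$FederationServiceName = 'sts.abc.net'

# 1. Name resolution: from the DMZ the federation service name must resolve to the
#    INTERNAL ADFS server, not back to the WAP's own public address.
$dns = Resolve-DnsName -Name $FederationServiceName -Type A -ErrorAction SilentlyContinue
if (-not $dns) {
    Write-Warning "$FederationServiceName does not resolve; add a hosts entry or split-DNS record pointing at the ADFS server."
} else {
    $dns | Select-Object Name, IPAddress | Format-Table -AutoSize
}

# 2. Transport: TCP 443 from the WAP to the resolved ADFS address.
$tnc = Test-NetConnection -ComputerName $FederationServiceName -Port 443 -WarningAction SilentlyContinue
$tnc | Select-Object ComputerName, RemoteAddress, TcpTestSucceeded | Format-Table -AutoSize

# 3. Local certificate: the wildcard cert must sit in LocalMachine\My with a private key.
#    ASSUMPTION: the subject filter '*.abc.net' matches the wildcard certificate's subject.
$local = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*.abc.net*' -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $local) {
    Write-Warning "No wildcard certificate with a private key found in LocalMachine\My."
} else {
    "Local cert: $($local.Subject)  thumbprint $($local.Thumbprint)  expires $($local.NotAfter)"
    # The WAP must be able to build the full chain; a missing intermediate is a classic cause.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($local)) {
        Write-Warning ("Chain build failed: " + (($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '))
    }
}

# 4. Remote certificate: fetch what ADFS actually presents on 443 and compare thumbprints.
#    A mismatch here means the thumbprint given to Install-WebApplicationProxy will be rejected.
if ($tnc.TcpTestSucceeded) {
    $tcp = New-Object System.Net.Sockets.TcpClient($FederationServiceName, 443)
    # Validation callback returns $true so we can inspect an untrusted cert rather than fail early.
    $ssl = New-Object System.Net.Security.SslStream(
        $tcp.GetStream(), $false,
        ({ $true } -as [System.Net.Security.RemoteCertificateValidationCallback]))
    $ssl.AuthenticateAsClient($FederationServiceName)
    $remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    "ADFS presents: $($remote.Subject)  thumbprint $($remote.Thumbprint)"
    if ($local -and $remote.Thumbprint -ne $local.Thumbprint) {
        Write-Warning "Thumbprint mismatch: ADFS serves a different certificate than the one installed on the WAP."
    }
    $ssl.Dispose(); $tcp.Dispose()
}

# 5. Federation metadata through the same path; a 200 here means the HTTPS path is usable.
try {
    $meta = Invoke-WebRequest -Uri "https://$FederationServiceName/FederationMetadata/2007-06/FederationMetadata.xml" -UseBasicParsing
    "Federation metadata: HTTP $($meta.StatusCode), $($meta.Content.Length) bytes"
} catch {
    Write-Warning "Federation metadata request failed: $($_.Exception.Message)"
}

# 6. Once the checks above are clean, the trust is established with the SAME thumbprint.
#    The credential must be a local administrator on the ADFS server (not merely a domain user).
# Install-WebApplicationProxy -FederationServiceName $FederationServiceName `
#     -CertificateThumbprint $local.Thumbprint `
#     -FederationServiceTrustCredential (Get-Credential)
```

On the ADFS server itself, Get-AdfsSslCertificate shows the thumbprint bound to the service endpoint and Get-AdfsProperties shows the federation service name; both must agree with what the script reports on the WAP. Because the service name lives in the public abc.net namespace while the servers are joined to abc.local, the hosts-file or split-DNS entry in step 1 is the usual missing piece, and it has to be maintained on the WAP rather than in the internal zone the WAP already resolves without issue.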