Prepare to migrate an AD FS 2.0 WID farm

To prepare to migrate AD FS 2.0 federation servers that belong to a Windows Internal Database (WID) farm to Windows Server 2012, you must export and back up the AD FS configuration data from these servers.

To export the AD FS configuration data, perform the following tasks:

Step 1: Export service settings

To export service settings, perform the following procedure:

To export service settings

  1. Record the certificate subject name and thumbprint value of the SSL certificate used by the federation service. To find the SSL certificate, open the Internet Information Services (IIS) management console, select Default Web Site in the left pane, click Bindings… in the Action pane, find and select the https binding, click Edit, then click View.

Note

Optionally, you can also export the SSL certificate and its private key to a .pfx file. For more information, see Export the Private Key Portion of a Server Authentication Certificate.

This step is optional because this certificate is stored in the local computer Personal certificates store and will be preserved in the operating system upgrade.

  2. Export any token-signing, token-encryption, or service-communications certificates and keys that are not internally generated, in addition to self-signed certificates.

You can view all the certificates that are in use on your server by using Windows PowerShell. Open Windows PowerShell and run the following command to add the AD FS cmdlets to your Windows PowerShell session: PSH:>add-pssnapin "Microsoft.adfs.powershell". Then run the following command to view all certificates that are in use on your server: PSH:>Get-ADFSCertificate. The output of this command includes StoreLocation and StoreName values that specify the store location of each certificate. You can then use the guidance in Export the Private Key Portion of a Server Authentication Certificate to export each certificate and its private key to a .pfx file.

Note

This step is optional, because all external certificates are preserved during the operating system upgrade.

  3. Record the identity of the AD FS 2.0 federation service account and the password of this account.

To find the identity value, examine the Log On As column of AD FS 2.0 Windows Service in the Services console and manually record the value.

Step 2: Back up custom attribute stores

You can find information about custom attribute stores in use by AD FS by using Windows PowerShell. Open Windows PowerShell and run the following command to add the AD FS cmdlets to your Windows PowerShell session: PSH:>add-pssnapin "Microsoft.adfs.powershell". Then run the following command to find information about the custom attribute stores: PSH:>Get-ADFSAttributeStore. The steps to upgrade or migrate custom attribute stores vary.

Step 3: Back up webpage customizations

To back up any webpage customizations, copy the AD FS webpages and the web.config file from the directory that is mapped to the virtual path "/adfs/ls" in IIS. By default, it is in the %systemdrive%\inetpub\adfs\ls directory.
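The inventory parts of Steps 1 through 3 can be collected in one pass. The following script is an added example, not part of the original guidance or of AD FS itself; the backup path `C:\ADFS-Migration-Backup`, the service name `adfssrv`, and the default `ls` directory location are assumptions to adjust for your server. It records metadata only: it does not export private keys and does not store the service account password.

```powershell
# Added example: inventory for Steps 1-3. $BackupDir is a hypothetical path.
$BackupDir = 'C:\ADFS-Migration-Backup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# The folder may later hold .pfx files, so restrict it to Administrators and
# SYSTEM. Well-known SIDs are used so this also works on localized systems.
icacls $BackupDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

# Load the AD FS 2.0 cmdlets if they are not already in the session.
if (-not (Get-PSSnapin -Name Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

# Step 1: certificates in use by the federation service and where they are stored.
Get-ADFSCertificate |
    Select-Object CertificateType, IsPrimary, StoreLocation, StoreName, Thumbprint,
        @{ Name = 'Subject'; Expression = { $_.Certificate.Subject } } |
    Export-Csv -Path (Join-Path $BackupDir 'adfs-certificates.csv') -NoTypeInformation

# Step 1: SSL bindings (certificate hash per IP:port) as registered with HTTP.sys.
netsh http show sslcert | Out-File -FilePath (Join-Path $BackupDir 'ssl-bindings.txt')

# Step 1: service account identity ("Log On As"). The service name 'adfssrv' is
# an assumption; confirm it in the Services console. No password is written.
Get-WmiObject -Class Win32_Service -Filter "Name='adfssrv'" |
    Select-Object Name, DisplayName, StartName |
    Export-Csv -Path (Join-Path $BackupDir 'adfs-service-account.csv') -NoTypeInformation

# Step 2: custom attribute store definitions.
Get-ADFSAttributeStore |
    Export-Clixml -Path (Join-Path $BackupDir 'adfs-attribute-stores.xml')

# Step 3: webpage customizations and web.config from the default location.
$LsPath = Join-Path $env:SystemDrive 'inetpub\adfs\ls'
if (Test-Path $LsPath) {
    Copy-Item -Path $LsPath -Destination (Join-Path $BackupDir 'ls') -Recurse -Force
} else {
    Write-Warning "$LsPath not found; locate the directory mapped to /adfs/ls in IIS."
}
```

Run it from an elevated Windows PowerShell session on each federation server in the farm; it uses only cmdlets available in Windows PowerShell 2.0.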

Next Steps

Prepare to Migrate the AD FS 2.0 Federation Server
Prepare to Migrate the AD FS 2.0 Federation Server Proxy
Migrate the AD FS 2.0 Federation Server
Migrate the AD FS 2.0 Federation Server Proxy
Migrate the AD FS 1.1 Web Agents