BPuhl’s Blog

A little bit of everything without actually being much of anything


Posted by BPuhl on April 4, 2008

By far, the most important thing to know about Active Directory Federation Services is this:

IT IS NOT ACTIVE DIRECTORY! It’s not even close. 


It’s a web service that gives out authorization tokens, but that’s not AD. 


So when you’re getting ready to deploy ADFS, set aside all of the things that you know about AD: DCLocator, replication, SRV records, multi-master… get rid of them all.


Ok, now go break out the book on how to build a high-availability IIS web farm, and begin your ADFS deployment.

(Important disclaimer: Don’t take this as a negative, because it’s not meant to be. It’s simply a reality check, because I suspect…actually, I hope…that many AD admins will sooner or later become ADFS admins.)


One Response to “ADFS vs AD”

  1. Laura said

    “But…but it’s got ‘Active Directory’ in the name, it’s gotta be the same thing, right?”

    I’ll run away now before you start lobbing grenades at me. 🙂
