ADFS vs AD
Posted by BPuhl on April 4, 2008
By far, the most important thing to know about Active Directory Federation Services is this:
IT IS NOT ACTIVE DIRECTORY! It’s not even close.
It’s a web service that gives out authorization tokens, but that’s not AD.
So when you start planning an ADFS deployment, set aside everything you know about AD: DCLocator, replication, SRV records, multi-master… get rid of them all.
OK, now go break out the book on how to build a high-availability IIS web farm, and begin your ADFS deployment.
(Important disclaimer: don’t take this as a negative, because it’s not meant to be. It’s simply a reality check, because I suspect… actually, I hope… that many AD admins will sooner or later become ADFS admins.)