Monday, 3 September 2012

Manually reconfigure AD FS for Office 365 Single Sign-on implementation

When you initially install Active Directory Federation Services (AD FS) in your environment, the AD FS MMC allows you to run the Initial Configuration. Once it has completed, however, you will no longer see that option in the MMC.

If for any reason you decide to reconfigure AD FS in your Office 365 Single Sign-on implementation, navigate to %programfiles%\"Active Directory Federation Services 2.0"\ , which is the default installation directory for AD FS, and run “FsConfigWizard.exe”. Before running this wizard, however, you need to manually remove traces of AD FS from your environment by following these instructions:
 
1. Open IIS and remove the AD FS application from its application pool
2. Delete the relevant AD FS application pool
3. Delete the AD FS virtual directory under “Default Web Site”
4. Delete the AD FS folder from “inetpub”
5. Run the following commands (type the quotation marks as plain straight quotes; the curly quotes that a web page or word processor produces are not accepted as quoting by the command prompt):
C:\Windows\System32\inetsrv\appcmd delete app "Default Web Site/adfs/ls"
C:\Windows\System32\inetsrv\appcmd delete app "Default Web Site/adfs/card"

If the above tasks are not done before you attempt to reconfigure AD FS, the configuration wizard will detect that there is an existing web site and will not recreate it in IIS.
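A read-only check that reports which of the items from steps 1 to 5 are still present, to be run from an elevated PowerShell prompt on the AD FS server before starting the wizard. This is an added example, not part of the original post; the inetpub folder path and the "adfs" match on the application pool name are assumptions, so adjust them to your server.

```powershell
# Added example: pre-flight check before running FsConfigWizard.exe.
# It only reads IIS configuration and the file system; it deletes nothing.
param(
    [string]$SiteName   = 'Default Web Site',              # site name used in the steps above
    [string]$AdfsFolder = "$env:SystemDrive\inetpub\adfs", # assumption: AD FS content folder
    [string]$PoolFilter = '*adfs*'                         # assumption: pool name contains "adfs"
)

Import-Module WebAdministration

$leftovers = @()

# Steps 1, 3 and 5: applications (for example /adfs/ls and /adfs/card)
# and virtual directories still registered under the site
Get-WebApplication -Site $SiteName |
    Where-Object { $_.path -like '/adfs*' } |
    ForEach-Object {
        $leftovers += "Application $SiteName$($_.path) (pool: $($_.applicationPool))"
    }
Get-WebVirtualDirectory -Site $SiteName |
    Where-Object { $_.path -like '/adfs*' } |
    ForEach-Object { $leftovers += "Virtual directory $SiteName$($_.path)" }

# Step 2: application pools whose name matches the filter
Get-ChildItem IIS:\AppPools |
    Where-Object { $_.Name -like $PoolFilter } |
    ForEach-Object { $leftovers += "Application pool $($_.Name) (state: $($_.State))" }

# Step 4: content folder under inetpub
if (Test-Path -LiteralPath $AdfsFolder) {
    $leftovers += "Folder $AdfsFolder"
}

if ($leftovers.Count -eq 0) {
    Write-Output 'No AD FS leftovers found in IIS; the wizard can recreate the web site.'
} else {
    Write-Output 'Still present (the wizard will treat the web site as existing):'
    $leftovers | ForEach-Object { Write-Output "  - $_" }
}
```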

Also, because you are reconfiguring an existing AD FS server, the configuration wizard will detect the database of the previous installation and present you with the option to “Delete Database”. Make sure that you check this box.