Best Practice for ADFS High Availability
Hi everyone,
I'm seeking guidance on the best practices for extending our ADFS environment to a DR (Disaster Recovery) site.
Here’s our current setup at HQ:
- Two ADFS servers.
- A Barracuda load balancer for high availability.
- Microsoft Entra Connect is configured to use ADFS for authentication.
- ADFS servers are using the default Windows Internal Database (WID).
We now plan to extend ADFS to our DR site to ensure service continuity in case of a failure at HQ.
My questions are:
- Can we continue using WID for the DR extension, or do we need to move to a full SQL Server backend (e.g., SQL Always On) to support ADFS across multiple sites?
- If WID is sufficient, what are the best practices to properly configure ADFS servers across primary and DR sites?
- Are there any considerations for latency, replication, or failover between the HQ and DR ADFS servers when using WID?
- Should the DR ADFS servers be added as additional federation servers in the existing farm, or is there a different recommended approach?
I appreciate any advice, experiences, or official documentation links that could guide us.
Thanks,
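Added example (editor's note, not part of the original post): the PowerShell an administrator would run to join DR servers to the existing WID farm and, if HQ is lost, to promote a DR node. Background the script relies on: in a WID farm only the primary node holds the writable configuration database; every other node is a secondary that polls the primary for a read-only replica (Get-AdfsSyncProperties shows the role and the poll interval), and there is no automatic promotion, so a primary failure requires running Set-AdfsSyncProperties by hand. WID is only insufficient when you need SAML artifact resolution or token replay detection, which require SQL Server. All host names, the gMSA and the federation service name below are assumptions. Getting the federation service name (the one Entra Connect and the load balancer use) to resolve to the DR servers is a DNS/load-balancer change and is outside this script.

```powershell
# Added example, not from the original post. Assumes Windows Server 2016+ AD FS,
# a WID farm, a gMSA and the hypothetical names below.
$PrimaryNode = 'adfs01.hq.contoso.local'    # assumption: current WID primary at HQ
$GmsaName    = 'CONTOSO\adfs-svc$'          # assumption: the farm's gMSA
$FedSvcName  = 'fs.contoso.com'             # assumption: federation service name

function Join-DrFarmNode {
    # Run ON each DR server after the AD FS role is installed and the same
    # service communication certificate used at HQ is in LocalMachine\My.
    param(
        [Parameter(Mandatory)] [string] $PrimaryComputerName,
        [Parameter(Mandatory)] [string] $GroupServiceAccount,
        [Parameter(Mandatory)] [string] $FederationServiceName
    )

    # Pick the newest cert whose subject matches the federation service name.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "CN=$FederationServiceName*" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate for $FederationServiceName in LocalMachine\My" }

    # Joins this server to the farm as a WID secondary; the replica is pulled
    # from the primary, so the primary must be reachable (TCP 80 by default)
    # from the DR site during the join and on every poll afterwards.
    Add-AdfsFarmNode -PrimaryComputerName $PrimaryComputerName `
                     -GroupServiceAccountIdentifier $GroupServiceAccount `
                     -CertificateThumbprint $cert.Thumbprint `
                     -Credential (Get-Credential -Message 'Domain admin for farm join')

    # Role should be SecondaryComputer; PollDuration (seconds, default 300)
    # bounds how stale a DR node's copy of the configuration can be.
    Get-AdfsSyncProperties |
        Select-Object Role, PrimaryComputerName, PollDuration, LastSyncStatus
}

function Invoke-WidPrimaryFailover {
    # HQ is down. Run ON the DR node you want to become the primary, then
    # repoint every other surviving node at it. Not reversible by itself:
    # when HQ returns, demote the old primary before letting it serve again.
    param(
        [Parameter(Mandatory)] [string] $NewPrimary,
        [string[]] $OtherSurvivingNodes = @()
    )

    # Promote this node's read-only replica to the writable primary copy.
    Set-AdfsSyncProperties -Role PrimaryComputer

    # Other secondaries keep polling the dead HQ primary until told otherwise.
    foreach ($node in $OtherSurvivingNodes) {
        Invoke-Command -ComputerName $node -ScriptBlock {
            param($p)
            Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName $p
        } -ArgumentList $NewPrimary
    }

    # Farm view from the new primary; every expected node should be listed.
    Get-AdfsFarmInformation | Select-Object -ExpandProperty FarmNodes
}

# Day-one: on adfs03/adfs04 at DR
# Join-DrFarmNode -PrimaryComputerName $PrimaryNode -GroupServiceAccount $GmsaName -FederationServiceName $FedSvcName

# Failover day: on adfs03 at DR
# Invoke-WidPrimaryFailover -NewPrimary 'adfs03.dr.contoso.local' -OtherSurvivingNodes 'adfs04.dr.contoso.local'
```

Two practical checks worth scripting into monitoring: Get-AdfsSyncProperties on each DR node should show LastSyncStatus of 0 and a recent sync, since a WAN hiccup only shows up as a stale replica, not as a service outage; and after a failover, point the load balancer's health probe at the DR nodes before changing DNS, so Entra Connect never resolves the federation service name to a node whose replica has not caught up.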