Configuring ADFS on Server 2012 R2

Now that Windows Server 2012 R2 is out, there are a ton of new features and changes, some of which have been touted loudly and others which are a bit quieter.  The louder ones have been mostly centered around Hyper-V and the introduction of VM Version 2 and improvements in Virtual Networking.  Garnering significantly less notice is the removal of the ADFS proxy and the reconfiguration of ADFS.


Active Directory Federation Services provides the ability for applications, services, and organizations to federate with an instance of Active Directory.  This is a great replacement for Active Directory Trusts as well as a vehicle for Single Sign-On applications and a connection up to Office 365.  The current version of ADFS (2.0) was available with Server 2008 R2, but it required downloading the package from Microsoft.  Server 2012 added ADFS as a role that could be installed directly.  It required IIS as a prerequisite, and while it could be installed on a domain controller, the IIS requirement might make some admins prefer not to install it on a domain controller.  Personally, I prefer not to install anything on a domain controller besides Active Directory, and with the advent of VMs and Datacenter licensing there really is no reason to.

With Server 2012 R2 the IIS requirement has been lifted, thereby reducing the install footprint.  Those admins that balked at installing IIS on a domain controller can now feel free to install ADFS without that particular concern.  A few other excellent features include support for remote installation, support for SQL Server from the wizard installer, and support for SQL replication.

The other important change is the removal of the ADFS Proxy feature.  That feature has been replaced by the Web Application Proxy role.  The Web Application Proxy feature can still publish the ADFS resource, but it also provides the ability to publish other web based resources externally.  The feature can perform either pass-through authentication or integrated authentication (which requires domain membership).

Important Note:  WAP is not compatible with previous versions of ADFS on either Server 2012 or 2008 R2.  If you try to create a published resource with the older versions of ADFS, the connection will fail with an unhelpful error.
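As an added example that is not part of the original post, the following PowerShell shows the two publishing modes described above on a Server 2012 R2 Web Application Proxy: a pass-through rule, and an ADFS pre-authenticated rule that uses integrated (Kerberos constrained delegation) authentication to the backend.  The cmdlets and parameters are the real ones in the Web Application Proxy module; every host name, URL, relying party name and certificate thumbprint is a constructed placeholder.

```powershell
# Added example (not the post's own code). All names, URLs and thumbprints
# below are constructed placeholders; replace them with your own values.

# 1. Establish the proxy trust with the ADFS farm. WAP only works against
#    2012 R2 ADFS, which is the incompatibility the post warns about.
$fsName = "fs.example.com"                                 # placeholder federation service name
$fsCert = "0123456789ABCDEF0123456789ABCDEF01234567"       # placeholder thumbprint for fs.example.com
$trustCred = Get-Credential -Message "ADFS admin used only to create the proxy trust"
Install-WebApplicationProxy -FederationServiceName $fsName `
    -FederationServiceTrustCredential $trustCred `
    -CertificateThumbprint $fsCert

# 2. Pass-through publishing: WAP forwards requests without pre-authenticating
#    them, so the backend application must authenticate users itself. Only use
#    this for applications that already do so.
Add-WebApplicationProxyApplication -Name "Webmail (pass-through)" `
    -ExternalPreauthentication PassThrough `
    -ExternalUrl "https://mail.example.com/" `
    -BackendServerUrl "https://mail.corp.example.local/" `
    -ExternalCertificateThumbprint "FEDCBA9876543210FEDCBA9876543210FEDCBA98"   # placeholder

# 3. ADFS pre-authentication plus integrated authentication to the backend.
#    This is the mode that requires the WAP server to be domain joined: WAP
#    obtains a Kerberos ticket for the backend SPN on the user's behalf. The
#    relying party named here must already exist in ADFS.
Add-WebApplicationProxyApplication -Name "Intranet portal (ADFS preauth)" `
    -ExternalPreauthentication ADFS `
    -ADFSRelyingPartyName "Intranet Portal" `
    -ExternalUrl "https://portal.example.com/" `
    -BackendServerUrl "https://portal.corp.example.local/" `
    -BackendServerAuthenticationSPN "HTTP/portal.corp.example.local" `
    -ExternalCertificateThumbprint "FEDCBA9876543210FEDCBA9876543210FEDCBA98"   # placeholder

# 4. Review what is published and in which mode, so that a pass-through rule
#    never ends up in front of an application that expects pre-authentication.
Get-WebApplicationProxyApplication |
    Select-Object Name, ExternalPreauthentication, ExternalUrl, BackendServerUrl
```

The ADFS endpoint itself is published automatically when the proxy trust is created, so it does not need its own `Add-WebApplicationProxyApplication` rule.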

There are multiple other improvements documented by Microsoft here.  Server 2012 R2 is much more than just a service pack release, and the number of changes is tremendous.  Many of these changes have received much attention, but some fall through the cracks.  ADFS 2012 R2 is one of those, and after running through the install and testing it out I have to say that it's by far the easiest, smoothest install of ADFS I've done yet.
