Changing the Primary AD FS Server in an AD FS Farm

When you deploy AD FS 2.0 out of the box with the default setup, it uses a Windows Internal Database (WID). In the default WID configuration, the Primary AD FS server holds a read/write copy of the database and the Secondary server(s) hold a read-only copy that is synchronized from the Primary. If you need to move the Primary role to another server, for whatever reason, you can move the role with a simple PowerShell command.

Run this PowerShell command on the Secondary AD FS server that you want to make Primary AD FS server.

Set-AdfsSyncProperties -Role PrimaryComputer

This will now move the Primary role to the server where the command was run. If you have two or more Secondary servers in the farm you need to update the other Secondary servers.

Run this PowerShell command on the other Secondary AD FS server(s) so that they now sync with the new Primary AD FS server.

Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName <FQDN of the new Primary AD FS server>
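
To confirm the move, the following added example (not part of the original post) reads the sync settings from every farm member with Get-AdfsSyncProperties and warns if the farm does not have exactly one Primary or if a Secondary still syncs from another server. The host names are constructed placeholders, and the script assumes PowerShell remoting is enabled and that the AD FS cmdlets load automatically (Windows Server 2012 R2 or later); on AD FS 2.0, run Add-PSSnapin Microsoft.Adfs.PowerShell inside the script block first.

```powershell
# Farm members to check. These host names are constructed placeholders;
# use the same FQDNs that were passed to -PrimaryComputerName.
$nodes = 'adfs01.example.test', 'adfs02.example.test', 'adfs03.example.test'

# Read the sync configuration on each node (assumes PowerShell remoting).
# Values are converted to strings remotely so comparisons behave the same
# after the objects are serialized back to this session.
$state = foreach ($node in $nodes) {
    $r = Invoke-Command -ComputerName $node -ScriptBlock {
        $p = Get-AdfsSyncProperties
        [pscustomobject]@{
            Role           = "$($p.Role)"
            SyncsFrom      = "$($p.PrimaryComputerName)"  # empty on the primary
            LastSyncStatus = "$($p.LastSyncStatus)"
            LastSyncTime   = "$($p.LastSyncTime)"
        }
    }
    [pscustomobject]@{
        Node           = $node
        Role           = $r.Role
        SyncsFrom      = $r.SyncsFrom
        LastSyncStatus = $r.LastSyncStatus
        LastSyncTime   = $r.LastSyncTime
    }
}
$state | Format-Table -AutoSize

# Exactly one node may hold the read/write copy of the WID database.
$primaries = @($state | Where-Object { $_.Role -eq 'PrimaryComputer' })
if ($primaries.Count -ne 1) {
    Write-Warning "Expected 1 primary, found $($primaries.Count): $($primaries.Node -join ', ')"
    return
}

# Every secondary must be configured to sync from that node.
$primary = $primaries[0].Node
$stale = @($state | Where-Object {
    $_.Role -eq 'SecondaryComputer' -and $_.SyncsFrom -ne $primary
})
foreach ($s in $stale) {
    Write-Warning "$($s.Node) syncs from '$($s.SyncsFrom)', expected '$primary'"
}
if ($stale.Count -eq 0) { "All secondaries sync from $primary" }
```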
