A. ADFS works well with trusts, so the answer depends on the trusts between the domains. Essentially, the ADFS server has to be able to query the user account to populate the claims information.
A single ADFS server can service all domains in a forest (because all domains in a forest have bi-directional, transitive trusts). In addition, a single ADFS server could service all domains and forests that have a trust relationship. If you have forests without trusts, you need one ADFS server for each forest.