Q. How many Active Directory Federation Service (ADFS) servers do I need in a multi-domain environment?

A. ADFS works well with trusts, so the answer depends on the trusts between the domains. Essentially, the ADFS server has to be able to query the user account to populate the claims information.

A single ADFS server can service all domains in a forest (because all domains in a forest have bi-directional, transitive trusts). In addition, a single ADFS server could service all domains and forests that have a trust relationship. If you have forests without trusts, you need one ADFS server for each forest.

Related Reading:

Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.