How To Upgrade AD FS 3.0 To AD FS Server 2016 - Part Two

Before reading this article, I recommend going through the previous part, How To Upgrade AD FS 3.0 To AD FS Server 2016 - Part One.

Now, let's continue.  
 
Once the Server 2016 computer restarts, you can see that AD FS Management is available. Click on it to open AD FS Management.
 

However, you can see that AD FS Management on Server 2016 is not showing anything here. The reason is that the farm behavior level is still Server 2012, and only the Server 2012 AD FS nodes can manage the farm.


If you run the command "Get-AdfsSyncProperties" on Server 2016, you will see that PrimaryComputerName is adfs.windowstechpro.com, which is the Server 2012 AD FS server, and that the Role of Server 2016 is SecondaryComputer. Hence, it acts as a plain AD FS server: it can accept connections and respond, but it cannot provide any Server 2016 features.


If you run the same Get-AdfsSyncProperties command on Server 2012, you will see that its role is now PrimaryComputer.


Phase 3 Moving FBL to Server 2016

Step 1

Before we move the FBL to Server 2016, we need to make Server 2016 the PrimaryComputer so that the Server 2016 AD FS node is able to manage the farm.

Run the below PowerShell command on the Server 2016 AD FS node to make it the PrimaryComputer.

Set-AdfsSyncProperties -Role PrimaryComputer


Run the below command on Server 2012 R2 Node

Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName adfs2016.windowstechpro.com

Here, adfs2016.windowstechpro.com is the name of the Server 2016 AD FS server.


Once moved, if you open AD FS Management on Server 2012, you will get the below message.

In the meantime, on Server 2016, you are now able to open the AD FS Management console, and it loads completely.


On Server 2016, run the below command to get the AD FS Farm Information.

Get-AdfsFarmInformation


Since it does not show the Server 2012 nodes, you will get only the Server 2016 nodes, and the FBL is 2012 R2, which is 1.

Install the Server 2016 ADFSProxy servers, migrate all the nodes to Server 2016, and remove the AD FS Server 2012 R2 nodes. The Server 2016 installation is the same as for the Server 2012 ADFSProxy servers. Please refer to the article to know how to install ADFSProxy servers.

Step 2 Removing AD FS 2012 R2 Servers from the AD FS farm

Open Server Manager, go to Manage >> Remove Roles and Features.


Click "Next".


Again, click "Next".


Uncheck the Active Directory Federation Services and click "Next".


Again, click "Next". 


Now, click "Remove".


Restart the computer and you will see that the AD FS role is removed from the server. Follow the same steps to remove all the Server 2012 AD FS nodes from the farm, after making sure that you have added the Server 2016 nodes to the farm and that all are working as expected.

If you run the below command again on Server 2016, you will still see that the farm is running on FBL 1.

Get-AdfsProperties | Select CurrentFarmBehavior


Step 3 Upgrading Farm to FBL Server 2016

Now, run the below command to upgrade the Farm behavior level to Server 2016.

 Invoke-AdfsFarmBehaviorLevelRaise

Note

Don’t run this command if you have any Server 2012 Nodes in AD FS or ADFSProxy(WAP) farms.
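
As an added example (not part of the original article), the PowerShell below checks the conditions from the note above before the raise is attempted. Test-FblRaisePrerequisite is a hypothetical helper name, the legacy node list uses the Server 2012 host name from this article, and the old hosts are assumed to be reachable for remote management.

```powershell
# Added example: pre-flight check before Invoke-AdfsFarmBehaviorLevelRaise.
# Run elevated on the Server 2016 AD FS node that is now PrimaryComputer.
Import-Module ADFS -ErrorAction Stop

function Test-FblRaisePrerequisite {   # hypothetical helper name
    param(
        # Old Server 2012 R2 AD FS / WAP hosts that must no longer carry the role.
        # Take fully decommissioned hosts off this list.
        [string[]]$LegacyNodes = @('adfs.windowstechpro.com')
    )
    $problems = @()

    # The farm can only be managed from the primary node.
    $sync = Get-AdfsSyncProperties
    if ("$($sync.Role)" -ne 'PrimaryComputer') {
        $problems += "Local role is '$($sync.Role)', expected PrimaryComputer."
    }

    # Per the article: FBL 1 is 2012 R2, FBL 3 is AD FS 2016.
    $farm = Get-AdfsFarmInformation
    if ($farm.CurrentFarmBehavior -ge 3) {
        $problems += "Farm is already at FBL $($farm.CurrentFarmBehavior)."
    }

    # Get-AdfsFarmInformation does not list 2012 R2 nodes, so ask each old host.
    foreach ($node in $LegacyNodes) {
        try {
            $roles = Get-WindowsFeature -Name ADFS-Federation, Web-Application-Proxy `
                         -ComputerName $node -ErrorAction Stop |
                     Where-Object Installed
            foreach ($r in $roles) {
                $problems += "$node still has the $($r.Name) role installed."
            }
        } catch {
            # Unreachable is not proof of removal (WAP hosts often sit in a DMZ).
            $problems += "$node could not be queried: $($_.Exception.Message)"
        }
    }
    return ,$problems
}

$issues = Test-FblRaisePrerequisite
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
    Write-Warning 'Do not run Invoke-AdfsFarmBehaviorLevelRaise yet.'
} else {
    # Dry run shipped with the Server 2016 ADFS module; review its output first.
    Test-AdfsFarmBehaviorLevelRaise
}
```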


You can see that ADFS Farm is getting upgraded and all the Server 2016 features are getting enabled for the ADFS Farm.


The upgrade has been completed successfully.


Run the below command to see current FBL status.

Get-AdfsProperties | Select CurrentFarmBehavior

Now, you can see that the CurrentFarmBehavior value is 3, which is AD FS 2016.


Also, we can see the new features of AD FS 2016.


Log in to the IdP-initiated sign-on page and check that the login process is working well.

Click on Sign in and provide the credentials.

You can see that the sign-in is successful and that all AD FS 2016 servers are healthy and working as expected.


I have seen many times that some folks keep asking for adprep for Forest and domain. Ideally, it is not required but yes, we can do it so that you will get all the new values added to the forest for Server 2016 AD FS features.
