Saturday, 27 June 2015

Changing the Primary AD FS 2.0 Server in an AD FS 2.0 Farm with PowerShell


PowerShell can be used to quickly identify the primary server in an AD FS 2.0 farm. When you deploy AD FS 2.0 with a default install, it uses the Windows Internal Database (WID). In this setup the WID database on the Primary AD FS server is the read/write copy. All the Secondary AD FS server(s) in the farm hold a read-only copy that synchronizes from the Primary.

  • Run these commands to view the role of the server and see which server it synchronizes database changes from.
Add-PsSnapin Microsoft.Adfs.PowerShell
Get-ADFSSyncProperties

Command run on an AD FS Primary Server

Command run on an AD FS Secondary Server


In the event that you lose the Primary AD FS server in the farm, you can move the role to any Secondary Server in the same farm. This again is done through PowerShell with a simple command.

  • Run this PowerShell command on the Secondary AD FS server that you want to make the Primary AD FS server.
Set-AdfsSyncProperties -Role PrimaryComputer
And then
  • Run this command to view the current role. It should now show PrimaryComputer.
Get-ADFSSyncProperties


Now that the Primary role has moved, you must update every other Secondary server in the farm (any Secondary other than the one you just promoted), so that none of them keeps polling the lost server.

Run this PowerShell command on each of the other Secondary AD FS servers so that they now sync with the new AD FS Primary server (replace the placeholder with the FQDN of the new Primary):

Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName <FQDN of AD FS Primary Server>

If the old Primary server is later recovered, run the same command on it as well so it rejoins the farm as a Secondary instead of coming back online believing it is still the Primary.

How the AD FS configuration database is synchronized

Because of the important role that the AD FS configuration database plays, it is made available on all the federation servers in the network to provide fault tolerance and load-balancing capabilities when processing requests (when network load-balancers are used). However, for secondary federation servers to serve in this capacity, the AD FS configuration database that is stored on the primary federation server must be synchronized.
When you add a federation server to the farm, the new computer that will become a secondary federation server connects to the primary federation server to replicate the copy of the AD FS configuration database. From this point forward, the new federation server continues to pull updates from the primary federation server on a regular basis, as shown in the following illustration.


Each secondary federation server polls the primary federation server every five minutes for changes. You can adjust this default five-minute value, or force an immediate synchronization at any time, by using a Windows PowerShell cmdlet.
The WID synchronization process also supports incremental transfers for more efficient transfers of intermediate changes. The incremental transfer process requires substantially less traffic on a network, and transfers are completed much faster.

How to change the AD FS database sync frequency between Primary and Secondary



By default the sync frequency is set to 5 minutes (300 seconds). Using the command shown above, we can set it to 1 minute (60 seconds).
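The promotion, the repointing of the remaining Secondary servers and the shorter poll interval described above, combined into one script as an added example (this is not code from the original post). It assumes it is run elevated on the Secondary being promoted, that the other Secondaries allow PowerShell remoting and have the AD FS 2.0 snap-in installed, and that the server names are placeholders you replace; it also assumes the Role property of Get-AdfsSyncProperties compares as the string 'PrimaryComputer'.

```powershell
# Added example, not from the original post. Promotes the local Secondary,
# repoints the remaining Secondaries over PowerShell remoting, and sets the
# poll interval on them. Server names below are placeholders.
Add-PsSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop

$NewPrimaryFqdn   = 'adfs2.corp.example'      # placeholder: this server's FQDN
$OtherSecondaries = @('adfs3.corp.example')   # placeholder: remaining Secondaries
$PollSeconds      = 60                        # default is 300

# 1. Check the current role before changing anything.
$before = Get-AdfsSyncProperties
if ("$($before.Role)" -eq 'PrimaryComputer') {
    throw 'This server already reports PrimaryComputer; nothing to promote.'
}
Write-Host "Role: $($before.Role); syncing from $($before.PrimaryComputerName)"

# 2. Promote this Secondary and confirm the role actually changed.
Set-AdfsSyncProperties -Role PrimaryComputer
$after = Get-AdfsSyncProperties
if ("$($after.Role)" -ne 'PrimaryComputer') {
    throw "Promotion did not take effect; role is still $($after.Role)"
}

# 3. Repoint every other Secondary at the new Primary so none of them keeps
#    polling the lost server, then shorten its poll interval (assumed: WinRM
#    is enabled on each remote server and the snap-in is present there).
foreach ($server in $OtherSecondaries) {
    Invoke-Command -ComputerName $server -ArgumentList $NewPrimaryFqdn, $PollSeconds -ScriptBlock {
        param($primary, $seconds)
        Add-PsSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
        Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName $primary
        Set-AdfsSyncProperties -PollDuration $seconds
        # Return the resulting state so the caller can eyeball every server.
        Get-AdfsSyncProperties | Select-Object Role, PrimaryComputerName, PollDuration
    }
}
```

Run the step-3 block on the old Primary too once it is recovered, so it rejoins as a Secondary rather than returning as a second Primary.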