Skip to main content

Notifications

Announcements

Join us in the Community for an AMA: December 12th Register Today
News and Announcements icon
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / AD FS requirement for ...
Customer experience | Sales, Customer Insights,...
Suggested answer

AD FS requirement for Dynamics 365 App

(0) ShareShare
ReportReport
Posted on by EKCRM 65

Should AD FS be installed on the same server that is also a DC?  Is there a specific role that DC should have?

  • PerezAguiar Profile Picture
    PerezAguiar on at
    RE: AD FS requirement for Dynamics 365 App

    Hey! As far as I've seen, ADFS means that your local Active Directory authenticates and establishes a Token that is recognized by CRM.  The alternative to that, is to rely on Azure for authentication.

  • Eccountable Profile Picture
    Eccountable 613 on at
    RE: AD FS requirement for Dynamics 365 App

    Is AD FS the only option to permit off-prem users to work with D365 CE, or can a VPN product work?

  • Suggested answer
    PerezAguiar Profile Picture
    PerezAguiar on at
    RE: AD FS requirement for Dynamics 365 App

    Hey!

    That's going to depend on the purpose of the installation: If it's a development environment or a Demo/testing purpose with just a few users, then having both things on the same server makes sense.  You can read more on this approach on https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/deploy-and-configure-ad-fs.  Please be aware that ADFS will install on the default site and that you'll need to configure a new website for the Dynamics 365 server.  

    However, for larger installations it's better to have these roles separated.  On this link https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs  there's some documentation (and specially a Topology diagram) that depicts that you should have one part on your corporate network (Domain controllers + ADFS) and on a DMZ a Web Application Proxy that will connect to the ADFS.  Keep in mind that your Dynamics (WebServers + Database servers) will be on your corporate network.

    Best regards

  • EKCRM Profile Picture
    EKCRM 65 on at
    RE: AD FS requirement for Dynamics 365 App

    So is your recommendation that we install it on its OWN windows 2016 or 2019 server or can we install it on the same server as Dynamics CRM?

  • Suggested answer
    PerezAguiar Profile Picture
    PerezAguiar on at
    RE: AD FS requirement for Dynamics 365 App

    Hey!

    This is old documentation but is valid still: docs.microsoft.com/.../cc778681(v=ws.10)  

    Because ADFS requires the installation of Internet Information Services (IIS), we strongly recommend that you not install any ADFS components on a domain controller in a production environment.

    Hope it helps!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join us in the Community for an AMA: December 12th Register Today

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Community AMA December 12th

Join us as we continue to demystify the Dynamics 365 Contact Center

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,240 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,149 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans