web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / AD FS requirement for ...
Customer experience | Sales, Customer Insights,...
Suggested Answer

AD FS requirement for Dynamics 365 App

(0) ShareShare
ReportReport
Posted on by EKCRM 65

Should AD FS be installed on the same server that is also a DC?  Is there a specific role that DC should have?

I have the same question (0)
  • Suggested answer
    PerezAguiar Profile Picture
    PerezAguiar Microsoft Employee on at

    Hey!

    This is old documentation but is valid still: docs.microsoft.com/.../cc778681(v=ws.10)  

    Because ADFS requires the installation of Internet Information Services (IIS), we strongly recommend that you not install any ADFS components on a domain controller in a production environment.

    Hope it helps!

  • EKCRM Profile Picture
    EKCRM 65 on at

    So is your recommendation that we install it on its OWN windows 2016 or 2019 server or can we install it on the same server as Dynamics CRM?

  • Suggested answer
    PerezAguiar Profile Picture
    PerezAguiar Microsoft Employee on at

    Hey!

    That's going to depend on the purpose of the installation: If it's a development environment or a Demo/testing purpose with just a few users, then having both things on the same server makes sense.  You can read more on this approach on https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/deploy-and-configure-ad-fs.  Please be aware that ADFS will install on the default site and that you'll need to configure a new website for the Dynamics 365 server.  

    However, for larger installations it's better to have these roles separated.  On this link https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/best-practices-securing-ad-fs  there's some documentation (and specially a Topology diagram) that depicts that you should have one part on your corporate network (Domain controllers + ADFS) and on a DMZ a Web Application Proxy that will connect to the ADFS.  Keep in mind that your Dynamics (WebServers + Database servers) will be on your corporate network.

    Best regards

  • Eccountable Profile Picture
    Eccountable 10 on at

    Is AD FS the only option to permit off-prem users to work with D365 CE, or can a VPN product work?

  • PerezAguiar Profile Picture
    PerezAguiar Microsoft Employee on at

    Hey! As far as I've seen, ADFS means that your local Active Directory authenticates and establishes a Token that is recognized by CRM.  The alternative to that, is to rely on Azure for authentication.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
Tom_Gioielli Profile Picture

Tom_Gioielli 70 Super User 2025 Season 2

#2
Gerardo Rentería García Profile Picture

Gerardo Rentería Ga... 33 Most Valuable Professional

#3
Daniyal Khaleel Profile Picture

Daniyal Khaleel 32 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans