PowerShell can be used to quickly identify the primary server in an AD FS 2.0 farm. When you deploy AD FS 2.0 with a default install, it uses the Windows Internal Database (WID). In this setup, the WID database on the Primary AD FS server is a read/write copy. All the Secondary AD FS servers in the farm have a read-only copy that is synchronized from the Primary.
Run this command to view the role of the server and see who it’s synchronizing the database changes from.
Command run on an AD FS Primary Server
Command run on an AD FS Secondary Server
In the event that you lose the Primary AD FS server in the farm, you can move the role to any Secondary Server in the same farm. This again is done through PowerShell with a simple command.
Run this PowerShell command on the Secondary AD FS server that you want to make Primary AD FS server.
Set-AdfsSyncProperties -Role PrimaryComputer
Run this command to view the current role. It should change to PrimaryComputer.
Now that the Primary role is moved, you must update all the other Secondary servers, if you have more than two Secondary servers in the farm.
Run this PowerShell command on the other Secondary AD FS servers so that they now sync with the new AD FS Primary server.
Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName <FQDN of AD FS Primary Server>
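The steps above as one script that reads the role back after each change, as an added example that is not part of the original post. It assumes the AD FS cmdlets are available locally (on AD FS 2.0 through the Microsoft.Adfs.PowerShell snap-in) and uses Get-AdfsSyncProperties to view the role; the parameter names Action and NewPrimaryFqdn are hypothetical.

```powershell
# Added example: report, promote, or repoint the local AD FS server and verify the result.
# Run in an elevated PowerShell session on the AD FS server being changed.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Report', 'Promote', 'Repoint')]
    [string]$Action,
    # Hypothetical parameter: FQDN of the new Primary, required only for Repoint.
    [string]$NewPrimaryFqdn
)

# AD FS 2.0 ships its cmdlets as a snap-in; load it if the cmdlets are not present.
if (-not (Get-Command Get-AdfsSyncProperties -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
}

$before = Get-AdfsSyncProperties
Write-Output "Role before change: $($before.Role)"

switch ($Action) {
    'Promote' {
        # Run on the Secondary that takes over the read/write WID copy.
        Set-AdfsSyncProperties -Role PrimaryComputer
        $expectedRole = 'PrimaryComputer'
    }
    'Repoint' {
        # Run on every remaining Secondary so it syncs from the new Primary.
        if (-not $NewPrimaryFqdn) { throw 'Repoint requires -NewPrimaryFqdn.' }
        Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName $NewPrimaryFqdn
        $expectedRole = 'SecondaryComputer'
    }
    'Report' { $expectedRole = "$($before.Role)" }
}

# Read the settings back instead of assuming the change applied.
$after = Get-AdfsSyncProperties
if ("$($after.Role)" -ne $expectedRole) {
    throw "Role is $($after.Role), expected $expectedRole."
}
if ($Action -eq 'Repoint' -and $after.PrimaryComputerName -ne $NewPrimaryFqdn) {
    throw "Still syncing from $($after.PrimaryComputerName), expected $NewPrimaryFqdn."
}

# On a Secondary this also shows the sync source and the last sync status.
$after | Format-List
```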
Kelsey Epps Office365 MVP