Multiple AD FS Instances/independent AD FS Servers in one domain or forest

Similar Messages

• Multiple RDS servers in one domain

  Hi
  We are trying to create a new setup using Windows Server 2012 R2 where customers rent their own server. In this setup we will make all servers members of the same domain and then seperate the users by Groups and OU's.
  The problem that I am facing is that since every customer has a specific need for performance, storage, applications etc. we cannot really just create a big RDS farm with a lot of powerful servers, but instead we have to create a RDS-server for each customer.
  Now my question is how to do this in the right way. My first idea was to make a complete single server RDS setup for each customer where the roles installed by a standard RDS deployment is installed on each server which is then assigned a public IP and a
  FQDN for the customer to connect to. But will this work if they are all members of the same domain and how do we control licensing if we want to host the RD Licensing role on another server in the domain?

  Hi Kenneth,
  Thank you for posting in Windows Server Forum.
  Yes, we can have multiple server in single domain. You can create different session host according to your requirement for the users assign permission and all on that server. All different session host server will join with connection broker installed. For
  making connection stable and available all time, you can have RDCB High Availability. In addition need to purchase trusted certificate for connection stability.
  For RD Licensing server to work, you need RDS CAL to access by different users. There are 2 types of RDS CAL (Per User & Per Device) and need to purchase according to your requirement. Before that you need to activate the RD Licensing server and then can
  install all RDS CAL. Also see that you need to point all the RD Session Host server to RD Licensing server for proper functioning. 
  You can go through below link for setting up RDS with proper solution.
  1. Step by Step Windows 2012 R2 Remote Desktop Services – Part 3 (4 part series)
  2. Specify a License Server for an RD Session Host Server to Use (For reference)
  3. RD Licensing Configuration on Windows Server 2012
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Run two CA servers in one domain/forest

  When we migrated from Windows Server 2008R2 to Windows Server 2012R2 we decided to migrate the CA from the old server to the new one. The problem was that the new server had a different name and the migration was that simple. After a year that everything
  was running ok, we now have problem with the CA. From one day to another there are no certificate templates anymore and the service keep crashing. As I can't find the reason and the solution I would like to setup a new CA on a fresh server that only will run
  the CA and let this CA deploy all the certificates to the clients. Is it possible to make a new CA while the existing one is still there?

  Hi,
  You can install multiple root CAs in one forest..
  Multiple Root CAs in single forest / single domain
  https://social.technet.microsoft.com/Forums/en-US/796c9e93-c25d-46c5-bd7e-a54afb3b3264/multiple-root-cas-in-single-forest-single-domain?forum=winserversecurity
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Same user with administrative rights on all the servers in single domain versus domainadmin as a part of administrator group in all the servers

  same user with administrative rights on all the servers in single domain user as a part of administrator group in all the servers:
  same user is configured as administrator on all the servers in one domain at windows 2003 server. Should this user be made part of domain admin and then this can be set up in the group of administrator for all the servers.
  How this is technically different?
  If same user is set up as an administrator on all the servers in domain, will it have the same access on all the files as a domain admin user?
  dhomya

  If the account is not admin on the domaincontrollers and the account is not member of domain admins or any other privileged AD group, the account has only user privileges on AD and thus cannot perform actions like creating and managing  accounts,
  groups, OUs,policies, sites, ...in other words cannot potentially ruin Active Directory.
  I think that is a pretty big difference.
  In fact, it is bad practice to perform you daily server management with an AD privileged account.
  In regards of file access. The domain administrator will be just an admin, and thus has the privilies assigned to the local admin group, just as any other admin. But if it are different accounts they might be member of different groups assigning different
  privileges. Always be carefull when assuming resulting privileges will be the same.
  MCP/MCSA/MCTS/MCITP

• Can I create multiple instances of  realplayer plug-in in one jsp page?

  I want to play meny video files in one jsp web page, these video files are to be played with the embeded plug-in of realplayer, each plug-in was linked(use its SRC property) a different video file. But, to my surprise, when I press the play button, every player played the same video file,not its specified file.
  I have no idea why it did so and what can I do?
  Whether can I create multiple instances of realplayer plug-in in one jsp page, that is to say, each instance is independent of others?
  thanks in advance!

  Generally speaking, Internet Explorer tries not to launch multiple versions of a plug-in. So what's happening is that you load the first video clip, and then before it has a chance to play, you load the second video clip into the same window. (It's like changing songs in WMA.)
  In some cases - this may not work for Real Player, but it's worth trying - if you spawn a new window through a hypertext link and then launch the plug-in in that window, IE will treat it separately. Otherwise, you could not, for example, run two Macromedia Flash applications from different web sites at the same time.
  Keep in mind that only one program can access the soundcard at a time, so Real Player may purposely "pause" or "cancel" other video streams until the active one finishes. If you were using the desktop version, selecting another video by any means aborts the currently running video (i.e., RP won't let you create a separate instance of it).
  The easiest solution is to create a wrapper JSP file that takes the name of the video clip, and plays it. Call that JSP and specify that it should be opened in a new window via the TARGET keyword in the anchor tag. Then hopefully RP itself won't block a second window from running.

• Creating multiple http servers on one machine

  I created multiple http servers on one machine.
  I did this in the following way:
  Created a http service as nt service with the following command:
  apache -i -n Testservice -f d:\oracle\isuites\apache\apache\conf\httpd2.conf.
  When I start the service, I always get an error:
  Didn't return an error. Cannot start service.
  Can someone help me.
  I need two httpd services as nt service. Because, I want to use oracle fail safe. So I need a service.
  Alternative : I can create batch files. But I want to start these batch files as nt service. Is there a possibility on
  Windows nt to do this, or an available tool.
  Thanks in advance,
  Iloon

            "Jason Rosenberg" <[email protected]> wrote:
            >Hello,
            >
            >I am wondering about having multiple servers on one machine.
            >I take it, each server will require a unique ip address, which can
            >be done either by using multiple NIC's or using multi-homing.
            If you want to have multiplie servers in the same machine and you want to cluster them then you need ip for each instance.
            If you want multiple instances without clustering, then you can have them run on the same ip but each one should have a different port.
            >
            >I am asking because I am wondering whether it will always be valid
            >for me in servlet code to identify my current server instance by
            >ip address (InetAddress). Or is there a better way to do this?
            If you are accessing the ejb/services on the same server using a servlet. You can get the context, simply using the default getInitialContext(). This should return the context to the local machine. This shoudnt require any ip information.
            >
            >Jason
            >
            >
            

• Moving multiple reporting servers to one server

  Our current environment consists of several 2008 r2 native reporting servers that have there own reporting database.
  Our new environment will be a load balanced 2012 native report server that will use one 1 SQL 2012 reporting database.  How would I go about migrating all the 2008 R2 databases into 1 central database.  I have read up about some migration tools
  that are available but I'm not sure if the tool(s) will allow the option for specifying a specific database, which will allow all the content to moved.
  Any advice would be appreciated.
  Thanks!

  check this thread it might help you
  http://social.msdn.microsoft.com/Forums/sqlserver/en-US/ef79afea-320f-466b-a333-dc3547da7e37/merging-multiple-report-server-instances-into-one?forum=sqlreportingservices
  Regards, Ashwin Menon My Blog - http:\\sqllearnings.com

• Multiple AD FS instances in single forest

  Hi, thank you for reading this. I have a little design question about AD FS. The current situation is like this:
  One forest, root domain: domain.lan
  domain.lan contains all user objects
  Three child domains: 1.domain.lan, 2.domain.lan and 3.domain.lan
  AD FS 2.0 server is deployed in domain.lan
  Customer wants an extra AD FS instance for testing purposes.
  I do find some recommendations on the internet, but I still have a few questions:
  Is it true that only one AD FS server (or farm) per forest can be deployed?
  I read that I can have multiple AD FS instances, but not in the same domain. Should I move the current AD FS server to 1.domain.lan (Because the current AD FS server also automatically supports the child domains) and add an AD FS server for testing
  purposes to 2.domain.lan?
  Is the configuration as suggested in point 2 supported by Microsoft?
  Thanks!
  Regards,
  Baksteen

  Hi Mike,
  thank you for your response. I also find the link you provided and it is says that it should be possible, but that only one instance can be active.
  In this thread the same user (Mylo) says it is possible:
  http://social.msdn.microsoft.com/Forums/exchange/en-US/3c8903c8-d6d6-471d-9966-b23c83172a40/active-directory-federation-services-question-can-i-run-two-seperate-adfs-instances-in-my-domain
  In this thread they talk about one instance per forest:
  http://serverfault.com/questions/554199/are-multiple-adfs-instances-needed-when-federating-to-the-same-party-multiple-ti
  In this link they say it should be possible with some downsides:
  http://serverfault.com/questions/280311/is-there-any-downside-to-having-two-adfs-servers-in-a-domain
  In this link they say it is not possible:
  http://community.office365.com/en-us/f/613/t/82093.aspx
  So, I am a little confused now. My questions therefore is, can I have multiple AD FS instances in a forest/domain? And is it supported by Microsoft?
  Thanks again!

• Can multiple 10.1.4.0.1 IDMS servers be installed on the same host?

  As far as I remember 10.1.2.2 was not supporting installation of multiple OID on the same host?
  Can multiple 10.1.4.0.1 IDMS servers be installed on the same host?
  TIA

  Nothing would stop you from installing 11i and R12 on the same server as long as ORACLE_HOMEs, APPL_TOPs, and COMMON_TOPs of each instance are installed in separate directories. The only pitfall would be the performance (unless you have sufficient resources).
  Please don't consider this plan for production instances!
  Thanks,
  Hussein

• PLEASE HELP!! I've used iWeb to create multiple sites, all published to third party servers.  The very last site I made changes to is showing up in any domain file I open - despite their different names and locations on my iMac.  I just switched to Lion.

  Please HELP!!  I just switched to Lion.  I have created multiple websites using iWeb  3.0.4 and despite my having saved their 'domain' files in various locations and using different filenames, upon opening the domain files I keep getting the very last site I published.  All the sites were published to third party servers.  The domain files (still have a preview that look correct and have different file sizes) but keep going back to the last site published. HELP ME PLEASE!! Are the old files still available?!!

  In Lion the Library folder is now invisible. To make it permanently visible enter the following in the Terminal application window: chflags nohidden ~/Library and hit the Enter button - 10.7: Un-hide the User Library folder.
  To open your domain file in Lion or to switch between multiple domain files Cyclosaurus has provided us with the following script that you can make into an Applescript application with Script Editor. Open Script Editor, copy and paste the script below into Script Editor's window and save as an application.
  do shell script "/usr/bin/defaults write com.apple.iWeb iWebDefaultsDocumentPath -boolean no"delay 1
  tell application "iWeb" to activate
  You can download an already compiled version with this link: iWeb Switch Domain.
  Just launch the application, find and select the domain file you want to open and it will open with iWeb. It modifies the iWeb preference file each time it's launched so one can switch between domain files.
  WARNING: iWeb Switch Domain will overwrite an existing Domain.sites2 file if you select to create a new domain in the same folder.  So rename your domain files once they've been created to something other than the default name.
  OT

• Selective IP filtering for multiple servers in a domain?

  Is it possible to have IP filtering on for certain servers in a
  domain, and not for others?
  This is the situation:
  I am deploying two servers in mydomain, so let's call it serverA
  and serverB. I want serverA to accept all connections while
  serverB accepts connections only from certain IPs. I know you
  can do IP filtering using SimpleConnectionFilter in the
  "Connection Filter" option in Security->General tab of the Admin
  console, but this turns on IP filtering for BOTH serverA and
  serverB! How do I turn it on for one, and not the other? Any
  help would be greatly appreciated. Thank you.
  Leon

  Hi,
  Yes you can have muliple servers in a domain. You can create as many managed
  servers as your hardware can handle. When you added the server, did you use the
  startManagedWebLogic.sh (or .cmd) script to start the server. Once you do that,
  you should see the server as running.
  Hope this helps,
  pat
  "MS" <[email protected]> wrote:
  >
  Hello All,
  Is it possible to have multiple servers in a domain?
  When I add a new server, the State is reported in the weblogic console
  as "UNKNOWN".
  What does this mean?
  rgds
  MS

• Best Practices for Multiple Forms-Reports Instances (WebLogic) on Win2008R2

  Hello all,
  I’ve succeeded in creating two instances of Forms/Report (FR) in WebLogic and am looking at about 5 or 6 FR instances on a one Windows Server 2008R2 box. I understand each instances will have its own folder (FR_Inst1) structure under the Middleware folder. Currently I have two instances configured each with its own Home (FR_Home1 & FR_Home2) and Domain (FR_Domain1 & FR_Domain2). Both the of the separate FP applications function correctly.
  Can multiple similar type instances share a single Home (FR_Home)? Can multiple similar type instances share a single Domain outside of the WebLogic Domain, such as FR_Domain?
  Thanks,
  Ron

  Thanx for the reply! I read through the documents and they are very good at explaining how to install the different components individually. I still can't find much on installing them together. I hope it's not just going to be a trial and error thing.
  So far I've installed done the following successfully:
  Installed 10.3.5 weblogic
  Forms and Reports 11g on top of 10.3.5
  I've created an additional managed server for our ADF applications.
  My next step is upgrading the JSF to 2.x. I would have to stage patches 12917525 and 12979653. I'm afraid it will break the forms and reports though. Any ideas?

• Can we create multiple admin servers in one one weblogic domain.

  Hi All,
  Can we create multiple admin servers in one one weblogic domain.
  if yes, please let me know.
  Thanks

  http://download.oracle.com/docs/cd/E21764_01/web.1111/e13716/toc.htm
  Not through the configuration wizard.
  To handle admin server availability (the admin server is not clusterable). This means that if the admin server goes
  down, you cannot administer your WebLogic Server domain until you bring it back up. In most cases, you may
  not be too concerned if the admin server goes down because all you need to do is restart it. If you use the node
  manager to start the admin server, the node manager can automatically restart a failed admin server just like it can any other server.
  What happens if the machine where the admin server runs fails in such a way that you cannot restart the admin server?
  The answer is simple if you prepare for this event. Proper operation of the admin server relies on several configuration files
  and any application files it controls. Typically, the best thing to do is to store the admin server's directory tree on a shared disk.
  As long as the configuration and application files are accessible, you can restart the admin server on another machine. It is up
  to you to make sure that you don't have more than one admin server running at a time. If the new machine can assume the
  original admin server's Listen Address (or if it was not set), you can simply start the admin server on the new machine without
  any configuration changes.
  Otherwise, you will need to change the admin server's Listen Address. Since the managed servers ping the admin server URL every
  10 seconds until it comes back up, you need to devise a way for the admin server URL to allow the managed server to find the restarted
  admin server on the new IP address. The easiest way to achieve that is using a DNS name that maps to both IP addresses, or better yet
  that is dynamically updated to point to the correct location of the admin server. If this is a graceful shutdown and migration, use the
  WebLogic Console to change the Listen Address just before shutting down the admin server. If not, you will need to edit the config.xml
  file by hand to replace the old Listen Address with the new one. Typically, it is recommended to plan ahead so that everything you need is
  already in place to make admin server failover as painless as possible.

• Multiple SQL Server Instances and MSDTC / AGs usage

  Hello,
   We are in the planning stages of migrating from SQL Server 2008R2 to 2012 to be running on Windows Server 2012, and I have a question about MSDTC, Availability Groups and multiple sql instances on a single box.
   We have a couple of databases that rely on MSDTC so we know they can not participate in Availabilty Groups, but most of the other dbs we use DO NOT need MSDTC so I wondering the following:
  1) Can I install two instanaces of SQL Server on a single box and have one using a local DTC, and therefore unable to use AGs, and the other instance on the same box NOT use DTC and therefor CAN use AGs?
  2) If I can't do this, I assume each instance would need it's one machine. Is that correct?
  Thanks
  Eric

  Hi Eric,
  As described in this
  article, for a given availability group, the availability replicas must be hosted by separate instances of SQL Server residing on different nodes of a WSFC cluster. Thus, we cannot configure a availability group for multiple SQL Server instances that reside
  on a single node.
  In addition, MSDTC is not supported by AlwaysON Availability Groups because
  transaction atomicity/integrity cannot be guaranteed. For example, while
  using a MS DTC transaction, after failover, the new principal contacts MS DTC. But MS DTC has no knowledge of the new principal server, and it terminates any transactions that are "preparing to commit," which are considered committed
  in other databases. However, using Availability Groups together with DTC does not result in an unsupported SQL Server installation. For more information, please review this article:
  Cross-Database Transactions Not Supported For Database Mirroring or AlwaysOn Availability Groups (SQL Server).
  Thanks,
  Lydia Zhang
  Lydia Zhang
  TechNet Community Support

• Multiple portal server instances

  Hello,
  I have one solaris box with JES 2005Q4 installed. I need to set up portal application development environment for multiple developers. I'm thinking about having multiple portal server instances. Is this configuration possible? Should I create multiple directory server and access manager instances as well or is it possible use one with multiple configuration instances?

  Installing multiple instances of portal is only possible if you are installing in a Solaris 10 Whole-Root Zone. Create a new zone for each developer and then install all of the necessary JES components in each zone. This includes Directory, Access Manager, Application Server, and Portal.