How to upgrade AD FS from 2012 R2 / 2016 to newer version 2016 / 2019
If you want to upgrade your AD FS Farm, you can simply add a new node with the new Windows Server Edition to the existing farm as described above.
Then you can execute the following steps:
- Make the new node a Primary (only necessary when using Windows Internal Database) by running the following command on the new node
Set-AdfsSyncProperties -Role PrimaryComputer
- Remove the old node
- Only necessary when using Windows Internal Database
Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName adfs2019.intra.domain.ch
- Remove old Farm node
- Using service account
Remove-AdfsFarmNode -ServiceAccountCredential "domain\sa-adfs"
- Using Group Managed Service Account
Remove-AdfsFarmNode -GroupServiceAccountIdentifier "DOMAIN\GMSA-Adfs$" -Credential "domain\administrator"
- If the server is not available anymore and you just want to remove the node from the farm without uninstalling
Set-AdfsFarmInformation -RemoveNode adfs2016.intra.domain.ch
- Using service account
- Only necessary when using Windows Internal Database
- Upgrade Farm Level (Credentials are used for SQL, if your account has permission you don’t use that)
$Credentials = Get-Credential Invoke-AdfsFarmBehaviorLevelRaise -Credential $Credentials
- With this procedure a new AdfsConfigurationV4 Database will be created, the old one can be removed.
AD FS Farm Behavior Levels (FBL)
| Windows Server Version | FBL | AD FS Configuration Database Name |
| 2012 R2 | 1 | AdfsConfiguration |
| 2016 | 3 | AdfsConfigurationV3 |
| 2019 | 4 | AdfsConfigurationV4 |
The Farm Behavior Level can only be raised, if all nodes running on the same Windows Server Version.
