AD FS 2.0: How to Set the Primary Federation Server in a WID Farm

Summary

When we deploy an Active Directory Federation Services (AD FS) 2.0 Federation Server farm, we have the option of choosing Windows Internal Database (WID) or SQL to store the configuration information. When we select WID, which is the default in the Initial Configuration Wizard GUI, the first Federation Server in the farm becomes the primary Federation Server. All other servers in the farm are considered secondary Federation Servers.

The WID database on the primary server is read/write, and the WID databases on the secondary servers are read-only. Configuration changes are made only on the primary Federation Server and are then replicated to the secondary servers via WID database synchronization (every 5 minutes by default).

In the event that the primary Federation Server becomes unavailable and will not be brought back online, the administrator needs to promote one of the secondary Federation Servers to primary for the farm.

Commands to run on the secondary server that we want to make primary:

Add-PsSnapin Microsoft.Adfs.PowerShell

Set-AdfsSyncProperties -Role PrimaryComputer 

Now that we have set a new primary Federation Server, we need to configure the other secondary Federation Servers to sync with it.

Commands to run on the other farm member servers:

Add-PsSnapin Microsoft.Adfs.PowerShell

Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName {FQDN of the Primary Federation Server}
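
To confirm the result on each farm member, the following added example (not part of the original article) reads the sync settings back with Get-AdfsSyncProperties and flags a server that still holds the wrong role or still points at the old primary. The default FQDN is a constructed placeholder, and the script assumes the first label of that FQDN matches the server's computer name and that a LastSyncStatus of 0 means success.

```powershell
# Added example: check the local farm member's sync state after a promotion.
# The default FQDN below is a constructed placeholder, not a value from the article.
param(
    [string]$ExpectedPrimary = 'adfs-new.contoso.example'
)

# Load the AD FS 2.0 snap-in only if it is not already in the session.
if (-not (Get-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

$sync   = Get-AdfsSyncProperties
$issues = @()

# Assumption: the first label of the FQDN equals this server's computer name.
$localIsExpectedPrimary = ($env:COMPUTERNAME -eq $ExpectedPrimary.Split('.')[0])

if ($sync.Role -eq 'PrimaryComputer') {
    # Only one server should hold the read/write copy of the configuration.
    if (-not $localIsExpectedPrimary) {
        $issues += "This server is primary, but $ExpectedPrimary was expected to be."
    }
}
else {
    if ($localIsExpectedPrimary) {
        $issues += 'This server was expected to be primary but is still secondary.'
    }
    if ($sync.PrimaryComputerName -ne $ExpectedPrimary) {
        $issues += "Configured to sync from '$($sync.PrimaryComputerName)'."
    }
    # Assumption: LastSyncStatus 0 means the last synchronization succeeded.
    if ($sync.LastSyncStatus -ne 0) {
        $issues += "LastSyncStatus is $($sync.LastSyncStatus)."
    }
}

# One summary object per server; Healthy is false if any check above failed.
New-Object PSObject -Property @{
    Server         = $env:COMPUTERNAME
    Role           = $sync.Role
    LastSyncedFrom = $sync.LastSyncFromPrimaryComputerName
    LastSyncTime   = $sync.LastSyncTime
    Healthy        = ($issues.Count -eq 0)
    Issues         = ($issues -join ' ')
}
```

Run it on every farm member, including the new primary. On a secondary that was just repointed, the last-sync fields describe the previous synchronization until the next poll completes.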