AD FS 2.0: How to Change the Federation Service Name

When AD FS 2.0 is initially configured, the Federation Service Name is determined using the subject of the SSL certificate bound to the Default Web Site in IIS. There may come a time when you need to change to another Federation Service name. The steps needed to accomplish this task are detailed below:

1. Change the Federation Service Name in the Federation Service Properties of the AD FS 2.0 console.

-Select the Service node, right-click it, and choose Edit Federation Service Properties

2. Change the SSL binding of the Default Web Site in IIS to use a certificate whose subject or subject alternative name (SAN) contains the new Federation Service Name.

3. Change the **Service Communications** certificate in the AD FS 2.0 console to use the same certificate you bound to the Default Web Site in step 2.

4. Update DNS so that the new Federation Service Name resolves to the federation server (or proxy).

-If you have a Federation Server Proxy or isolated DNS zones, be sure to handle internal DNS, external DNS, hosts files, etc.

5. Register the HOST/{new_Federation_Service_name} Service Principal Name (SPN) on the AD FS 2.0 service account

See: http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-2-0-how-to-configure-the-spn-serviceprincipalname-for-the-service-account.aspx

6. Ask your partners to refresh based on your new Federation Metadata

-https://{new_Federation_Service_Name}/federationmetadata/2007-06/federationmetadata.xml
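After completing the six steps, the following script (an added verification example, not part of this wiki article) checks each one from the federation server: that the name recorded by AD FS, the certificate bound to port 443, the Service Communications certificate, DNS, the SPN, and the published metadata all agree on the new name. It assumes the AD FS 2.0 PowerShell snap-in is installed, that `Get-ADFSProperties` exposes the name as `HostName`, and that `$NewName` and `$ServiceAccount` are placeholders you replace with your own values.

```powershell
# Post-change verification for "AD FS 2.0: How to Change the Federation Service Name".
# Added example; assumes an elevated PowerShell session on the AD FS 2.0 server.
param(
    [string]$NewName        = "sts.example.com",   # placeholder: new Federation Service Name
    [string]$ServiceAccount = "EXAMPLE\svc_adfs"   # placeholder: AD FS 2.0 service account
)
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue
$results = @{}

# Step 1: the name stored in the Federation Service Properties (assumed property: HostName)
$props = Get-ADFSProperties
$results["1_FederationServiceName"] = ($props.HostName -eq $NewName)

# Step 2: the certificate bound to 0.0.0.0:443 must carry the new name as subject or SAN
$sslOut  = netsh http show sslcert ipport=0.0.0.0:443
$hashRow = $sslOut | Select-String 'Certificate Hash\s*:\s*([0-9a-fA-F]+)' | Select-Object -First 1
$binding = $hashRow.Matches[0].Groups[1].Value
$cert    = Get-Item "Cert:\LocalMachine\My\$binding"
$san     = $cert.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
$names   = @($cert.Subject)
if ($san) { $names += $san.Format($false) }   # e.g. "DNS Name=sts.example.com, DNS Name=..."
$results["2_BindingCertCoversName"] = [bool]($names -match [regex]::Escape($NewName))

# Step 3: the Service Communications certificate must be the same one IIS is using
$svcComm = Get-ADFSCertificate -CertificateType Service-Communications
$results["3_ServiceCommMatchesBinding"] = ($svcComm.Thumbprint -eq $binding)

# Step 4: the new name must resolve (repeat from an external client if you run a proxy)
try   { $results["4_DnsResolves"] = [bool]([System.Net.Dns]::GetHostAddresses($NewName)) }
catch { $results["4_DnsResolves"] = $false }

# Step 5: HOST/<new name> must be registered on the service account
$spnOut = setspn -L $ServiceAccount
$results["5_SpnRegistered"] = [bool]($spnOut -match "^\s*HOST/$([regex]::Escape($NewName))\s*$")

# Step 6: the metadata partners will refresh from must be served under the new name
$metadataUrl = "https://$NewName/federationmetadata/2007-06/federationmetadata.xml"
try {
    $xml = [xml](New-Object System.Net.WebClient).DownloadString($metadataUrl)
    $results["6_MetadataEntityID"] = $xml.EntityDescriptor.entityID   # unchanged Identifier is expected
} catch {
    $results["6_MetadataEntityID"] = "unreachable: $($_.Exception.Message)"
}

$results.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
```

Every row except the last should read True; a False on step 2 or 3 is the usual cause of browser certificate warnings and proxy trust failures after a rename.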