Uninstalling AD FS in Windows Server 2012

In my post Uninstalling AD FS 2.0 (and deleting the databases) I described how to uninstall AD FS 2.0 from Windows Server 2008 or 2008 R2.  While the process is fundamentally the same there are some subtle differences in Windows Server 2012 that mean the instructions in the previous post won’t work.  I felt I should post the differences and cover how to uninstall AD FS 2.1.

The two changes that tripped me up were the Windows Internal Database (WID) connection string and the location of the WID data files.  You connect to WID on Windows Server 2012 using the string:

\\.\pipe\MICROSOFT##WID\tsql\query

The default data file directory for WID on Windows Server 2012 is:

C:\Windows\WID\data

So you delete the AD FS database files using:

del C:\Windows\WID\data\adfs*

Otherwise the process is essentially the same:

  1. Retrieve the certificate sharing container (assuming you’re using auto certificate rollover feature)

    (Get-ADFSProperties).CertificateSharingContainer | clip
    
  2. Uninstall AD FS

    Remove-WindowsFeature adfs-federation
    
  3. Remove the databases from WID

    I downloaded SQL Server 2012 Express Management Tools to connect to WID and execute the T-SQL DML.

    • Connect:
      \\.\pipe\MICROSOFT##WID\tsql\query
    • Delete:
      use master;
      go
      sp_detach_db 'adfsconfiguration';
      go
      sp_detach_db 'adfsartifactstore';
      go
      
  4. Delete the data files

    del C:\Windows\WID\data\adfs*
    
  5. Uninstall WID

    Note that the name has changed in 2012. In Windows Server 2008/R2 the ServerManager name for WID was Windows-Internal-DB. In Windows Server 2012 it is Windows-Internal-Database!

    Remove-WindowsFeature windows-internal-database
    
  6. Clean-up IIS

    • Open IIS manager.  Expand <server> | Sites | Default Web Site | adfs
    • Right-click on ls and click Remove
    • Right-click on adfs and click Remove
    • Be sure to remove LS and then ADFS and don’t just remove ADFS otherwise you’ll be in the applicationHost.config deleting XML elements.
    • Click Application Pools (further up the tree) and right-click on ADFSAppPool and click Remove.
    • Lastly delete the folders and files.
      del c:\inetpub\adfs –Recurse
      
  7. Uninstall IIS?

    The previous task is not required if you uninstall IIS.

    Remove-WindowsFeature web-server
    
  8. Clean-up AD DS

    $delme = New-Object System.DirectoryServices.DirectoryEntry(
    "LDAP://CN=42bc22f5-e636-412f-9175-ba75912d4b4a,CN=ADFS,CN=Microsoft,CN=Program Data,DC=rnd,DC=litware-inc,DC=com")
    $delme.DeleteTree()
    

You can one-line that deletion too…

image

Check the previous post for a more thorough description.

Advertisements

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.
This entry was posted in AD FS and tagged , , , , , . Bookmark the permalink.

6 Responses to Uninstalling AD FS in Windows Server 2012

  1. Pingback: Uninstalling AD FS 2.0 (and deleting the databases) | Yet another identity management blog

  2. Hi,can you help me?
    I need to delete windows server 2012 R2 data center server manager configuration and restore it ot its factory default settings.I need it because I get these errors:
    http://postimg.org/image/6zzp4d8bj/
    http://postimg.org/image/wljm9x74j/
    http://postimg.org/image/ny8fns82p/

  3. Andrews says:

    Great tutor! Thaks!

  4. Bharath Kumar says:

    Hi,

    I got stuck at the stage where we delete the ADFS DBs. When I logged on to SQL server, I am seeing that the DBs are in Recovery Pending mode. I am unable to detach the DBs. Is there any other way to delete the DBs ?

    Thanks,
    Bharath

  5. Bharath Kumar says:

    Hi,

    I am unable to detach the adfs databases as they are in recovery pending mode. I installed adfs with a wrong certificate so, I need to remove it and re-installing using correct one. Now the Dbs are not accessible as they are in recovery pending mode, I can neither detach them nor delete them.

    Please help!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s