Managing a high-availability environment often requires scaling back or replacing aging infrastructure. When you need to , simply turning off the machine isn't enough; the configuration will still exist in the AD FS database, leading to management errors and synchronization issues.
Best practice for security if the server is permanently retired. WAP – How to remove a WAP Server from WAP clusters
Use the following command to filter out the decommissioned server (replace 'ServerToRemove' with the FQDN of the node you are removing): powershell remove web application proxy server from cluster
Open Server Manager and click > Remove Roles and Features . Select the target server and uncheck Remote Access .
This guide outlines the standard procedures to gracefully decommission a WAP node using PowerShell and Server Manager. 1. Removing the WAP Node via PowerShell WAP – How to remove a WAP Server
If you are completely dismantling the WAP infrastructure rather than just removing one node, you may need to remove the proxy trust on the AD FS side. Remove-AdfsWebApplicationProxyRelyingPartyTrust .
Set-WebApplicationProxyConfiguration –ConnectedServersName ((Get-WebApplicationProxyConfiguration).ConnectedServersName -ne '://domain.com') Use code with caution. Log into a different
Note: Using the aliases swpc (Set) and gwpc (Get) is also common in technical documentation. Verify the server is gone by running: powershell (Get-WebApplicationProxyConfiguration).ConnectedServersName Use code with caution. 2. Decommissioning the Server Role
The most direct way to remove a specific server from the WAP cluster list is through PowerShell. This method updates the ConnectedServersName property across the entire cluster. Log into a different, active WAP server in the cluster. Open PowerShell as an Administrator.
Ensure external/internal records no longer point to the removed IP. Certificate Authority