We have one domain/forest, about 200 servers, 2003, 2008 and 2012. Our DCs are also 2008R2 and 2012. My new project: Implement ADFS SSO so users using our Intranet will be able to reach resources located in a different company/forest - our HR partner. I received somewhat detailed instructions, but many questions still remain. We don't have ADFS installed in our domain, so my first question - ADFS is just a service running on the server (from what I've read so far), so where am I supposed to install it? On our Intranet server or on one of our DCs? I am having a hard time understanding if ADFS is bound to just the server where it is installed or, once installed on any server in the domain, it applies to all servers in that domain. I hope I made my point clear.
So if users need to access resources on our partner's domain (just one URL) from our Intranet server, do I need to install ADFS on that Intranet server, or maybe on one of my DCs?
I am focusing here on the ADFS part only; SSO is a different story and not part of my question.