My customer needs to implement AD FS for single sign-on due to a cloud-based email solution they recently implemented. The problem is, their domain controllers are Server 2003 (non-R2) at a functional level of 2003 mixed mode. They should be able to raise to 2003 native if necessary, however. Their solution is to create a new 2008 domain and implement a two-way trust, running AD FS in the new domain serving the clients in the 2003 domain. This way should be quicker than upgrading their current domain, which would be a rather large project due to their size and complexity.
Are there any gotchas I should know about with doing it this way? I have verified that we can create the two-way trust between domains of these functional levels, and that AD FS can service clients in a trusted domain, but I am not entirely sure if AD FS will care that the trusted domain is 2003 non-R2. Can anyone confirm if this will be a feasible scenario?
Thanks very much!!
Wraith
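As an added example (not part of the original post, and not anything the poster ran), here is a PowerShell pre-flight check for the scenario described above, to be run on the AD FS server in the new 2008 domain. It uses only the .NET System.DirectoryServices.ActiveDirectory and System.DirectoryServices classes, which are available on Server 2008 without the RSAT ActiveDirectory module, so it works on PowerShell 2.0 in a fresh domain. It reports the domain and forest functional levels of both domains, enumerates the trusts the AD FS domain has and verifies the one to the 2003 domain, and then looks up a user in the 2003 domain across the trust to confirm the account can be resolved and has a userPrincipalName (the attribute AD FS normally uses as the identity claim for cloud mail). The domain names `adfs.example` and `corp.example` and the test user `jdoe` are hypothetical placeholders.

```powershell
# Added example: pre-flight checks for AD FS in a new domain serving users
# from a trusted Server 2003 domain. Run on the AD FS server as a user who
# can read both domains. Names below are hypothetical placeholders.
$AdfsDomainName  = "adfs.example"   # new 2008 domain that will host AD FS
$UserDomainName  = "corp.example"   # existing 2003 (non-R2) domain
$TestUser        = "jdoe"           # a user in corp.example to resolve

Add-Type -AssemblyName System.DirectoryServices

function Get-DomainInfo([string]$Name) {
    $ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
        [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain, $Name)
    $d = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx)
    New-Object PSObject -Property @{
        Name       = $d.Name
        DomainMode = $d.DomainMode          # e.g. Windows2003Domain, Windows2008Domain
        ForestMode = $d.Forest.ForestMode   # forest functional level
        DomainObj  = $d
    }
}

# 1. Functional levels of both domains (mixed mode shows as Windows2000MixedDomain)
$adfsDom = Get-DomainInfo $AdfsDomainName
$userDom = Get-DomainInfo $UserDomainName
"{0}: domain level {1}, forest level {2}" -f $adfsDom.Name, $adfsDom.DomainMode, $adfsDom.ForestMode
"{0}: domain level {1}, forest level {2}" -f $userDom.Name, $userDom.DomainMode, $userDom.ForestMode

# 2. Trusts seen from the AD FS domain; the one to the 2003 domain must be Bidirectional
$trusts = $adfsDom.DomainObj.GetAllTrustRelationships()
foreach ($t in $trusts) {
    "Trust {0} -> {1}: direction={2}, type={3}" -f $t.SourceName, $t.TargetName, $t.TrustDirection, $t.TrustType
}
$toUserDom = $trusts | Where-Object { $_.TargetName -eq $UserDomainName }
if (-not $toUserDom) {
    Write-Warning "No trust from $AdfsDomainName to $UserDomainName found"
} elseif ($toUserDom.TrustDirection -ne [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional) {
    Write-Warning "Trust to $UserDomainName is $($toUserDom.TrustDirection), not Bidirectional"
}

# 3. Verify the secure channel of the trust in both directions
try {
    $adfsDom.DomainObj.VerifyTrustRelationship($userDom.DomainObj,
        [System.DirectoryServices.ActiveDirectory.TrustDirection]::Bidirectional)
    "Trust $AdfsDomainName <-> $UserDomainName verified OK"
} catch {
    Write-Warning "Trust verification failed: $($_.Exception.Message)"
}

# 4. Resolve a user in the 2003 domain across the trust, as AD FS will have to,
#    and confirm userPrincipalName is populated (the usual AD FS identity claim)
$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$UserDomainName")
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$TestUser))"
[void]$searcher.PropertiesToLoad.Add("userPrincipalName")
[void]$searcher.PropertiesToLoad.Add("mail")
$result = $searcher.FindOne()
if (-not $result) {
    Write-Warning "User $TestUser not found in $UserDomainName across the trust"
} else {
    $upn = $result.Properties["userprincipalname"]
    if ($upn.Count -eq 0) {
        Write-Warning "$TestUser has no userPrincipalName; AD FS claims for cloud mail will need one"
    } else {
        "Resolved $TestUser in ${UserDomainName}: UPN=$($upn[0]) mail=$($result.Properties['mail'])"
    }
}
```

The lookup in step 4 runs under the credentials of whoever executes the script; to mirror what AD FS will actually do, run it as the AD FS service account, since that account is the one that must be able to read user attributes in the 2003 domain across the trust.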