Change SharePoint ADFS 2.0 to 4.0

The following procedure will help you change your SharePoint ADFS security provider from version 2.0 to the 2016 version, 4.0.

High-level steps for changing the security provider include uploading a new certificate and running a PowerShell script to change the SharePoint token issuer settings.


  1. RDP to your SharePoint application server.
  2. Upload your new ADFS farm SSL certificate to your application server and place it on the C drive.
    • Create a folder on the C drive, for example: c:\sharepoint\SSLcertificates
    • Upload your new ADFS certificate to this folder on the application server.
  3. Open your PowerShell editor with an Administrator account and take a snapshot of the current settings of your SPTrustedIdentityTokenIssuer.
    • Take a snapshot of your current security provider settings so you will be able to roll back if needed.
    • Use the following PowerShell:
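One way to take that snapshot, as an added example that is not part of the original post: it saves each token issuer's settings and the public part of its current signing certificate, plus the list of trusted root authorities. The backup folder and the file naming are assumptions.

```powershell
# Added example: snapshot the current trust configuration before changing it.
# Load the SharePoint cmdlets if this is not the SharePoint Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$backupDir = 'C:\sharepoint\SSLcertificates\backup'   # assumed folder, adjust as needed
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

foreach ($ti in Get-SPTrustedIdentityTokenIssuer) {
    $base = Join-Path $backupDir "$($ti.Name)-$stamp"

    # Settings you would need to restore the issuer by hand
    $ti | Select-Object Name, Description, ProviderUri, DefaultProviderRealm,
            ProviderRealms, ClaimTypes, IdentityClaimTypeInformation,
            UseWReplyParameter, ClaimProviderName,
            @{ n = 'SigningCertThumbprint'; e = { $_.SigningCertificate.Thumbprint } },
            @{ n = 'SigningCertNotAfter';   e = { $_.SigningCertificate.NotAfter } } |
        Export-Clixml -Path "$base.xml" -Depth 4

    # Public part of the current signing certificate, kept for rollback
    $bytes = $ti.SigningCertificate.Export(
        [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes("$base.cer", $bytes)
}

# Record which root authorities the farm trusted before the change
Get-SPTrustedRootAuthority |
    Select-Object Name,
        @{ n = 'Thumbprint'; e = { $_.Certificate.Thumbprint } },
        @{ n = 'NotAfter';   e = { $_.Certificate.NotAfter } } |
    Export-Csv -Path (Join-Path $backupDir "root-authorities-$stamp.csv") -NoTypeInformation
```

To roll back, load the saved .cer into an X509Certificate2 object and set ProviderUri and SigningCertificate back to the recorded values.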


This short script will change the certificate from your current ADFS to the new ADFS server. I used this script to change ADFS 2.0 to ADFS 4.0.

One important note!

You need to run New-SPTrustedRootAuthority for the authority certificate provider; otherwise you will get the error that the root authority is not trusted.

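# Load the SharePoint cmdlets if this is not the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Site certificate: trust the authority certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\yourpath\Authcertificate.cer")
New-SPTrustedRootAuthority -Name "ADFS4.0Auth" -Certificate $cert

# ADFS certificate: trust the new token provider certificate
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\your token provider certificate path")
New-SPTrustedRootAuthority -Name "ADFS4" -Certificate $cert

# Point the existing token issuer at the new ADFS server
# (pass -Identity <name> if the farm has more than one trusted identity token issuer)
$ti = Get-SPTrustedIdentityTokenIssuer
$ti.ProviderUri = 'https://yourADFS domain/ADFS/ls/'
$ti.SigningCertificate = $cert
# Persist the changes; without Update() they are not saved to the farm configuration
$ti.Update()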