Installing and Configuring Active Directory Federation Services (ADFS)

Introduction

Active Directory Federation Services (AD FS) in the Windows Server 2012 R2 OS provides flexibility for organizations that want to enable their users to log on to applications that are located on a local network, at a partner company, or in an online service. With AD FS, your company can manage its own user accounts, and users only have to remember one set of credentials. Those credentials can then provide access to a variety of applications, which are typically hosted in different locations.

 

Create a DNS record for AD FS

On the domain controller (DC1), open the DNS console and add a new host. In the New Host box, type adfs; in the IP address box, type 172.16.0.10; then click Add Host and click OK.

Open Server Manager and click Manage -> Add Roles and Features.

 

Select Role-based or feature-based installation, then click Next:

Select the server on which you want to install this role, then click Next:

Note: Web Application Proxy role and AD FS cannot be installed on the same computer.

Select Active Directory Federation Services then click Next:

No additional Features are needed. Click Next:

The AD FS role does not require a reboot. Click Install:

Now click Close to complete the installation process.

 

Post-Deployment Configuration

Back on Server Manager under Notifications click the message Configure the federation service on this server. Since this is our first AD FS server select the first option then click Next:

Ensure the account you are logged into has Active Directory Domain Admin permissions. If not then click Change. Click Next to continue:

SSL Certificate: In the drop-down menu you will see the certificates installed on the server. You can use the default self-signed certificate or one you create. Ensure you have it in .PFX format.

Federation Service Name: Give your AD FS service an FQDN.

Federation Service Display Name: Enter a display name.

Click Next to proceed.

Note about Federation Service Name: If you are installing AD FS on a Domain Controller or want to use a different FQDN for AD FS than the server you will need to ensure the name you enter has a DNS Record created. Since this is my home lab I am putting AD FS on my Domain Controller and needed to create a DNS entry.

Note about SSL Certificate: If you imported a certificate you will see it added to your Personal Certificates. On the Specify Service Account tab you may get the following message. If you want the Wizard to create a Service Account for you then proceed to the PowerShell window below. If you want to create a Service Account manually you can add it by selecting the second option.

PowerShell Commands

Get-Help Add-KdsRootKey 

Add-KdsRootKey -EffectiveImmediately   # Generate the KDS root key


Enter the Service Account you want to use and click Next:

Note: Ensure this user account is added to the local Administrators group of your AD FS server. It is required to set up Microsoft Web Application Proxy.


You have the option of using a Windows Internal Database (WID) or SQL Server. If you have a small environment/lab then use WID. If you have a large environment use a SQL database. Click Next:

Note: WID is a limited version of SQL Express that doesn’t have a GUI or management interface. The WID database is a file (SUSDB.dbf) stored in C:\Windows\wid\data\

For additional information about using a SQL Server database click here.

Click Next & configure



AD FS is now installed and is ready for testing! Open a web browser and go to the URL below and click Sign In:

https://ADFS_FQDN/adfs/ls/idpinitiatedSignOn.aspx

You should get a login box. Enter your domain credentials; once logged in, you should see the screen below.
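The wizard steps above can also be scripted. The following is an added example, not part of the original post; the DNS zone, display name and gMSA name are assumed lab values, while the host name adfs and the address 172.16.0.10 come from the article. It also checks that the chosen certificate has a private key, is within its validity period and covers the federation service name before the farm is configured.

```powershell
# Added example: scripted form of the wizard steps. Run elevated as a Domain Admin.
# Assumed values (not from the article): zone, display name, gMSA name.
$zone    = 'corp.example'            # assumed AD DNS zone
$fsName  = "adfs.$zone"              # federation service FQDN
$display = 'Lab Federation Service'  # assumed display name
$gmsa    = 'CORP\svc-adfs$'          # assumed gMSA identifier

# 1. DNS host record for the federation service name (DnsServer module, on DC1).
if (-not (Get-DnsServerResourceRecord -ZoneName $zone -Name 'adfs' -RRType A `
          -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name 'adfs' -IPv4Address '172.16.0.10'
}

# 2. Install the AD FS role; no reboot is needed.
Install-WindowsFeature ADFS-Federation -IncludeManagementTools

# 3. Pick a certificate from the machine store that has a private key, is
#    currently valid, and lists the service name (wildcard entries match via -like).
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.DnsNameList.Unicode | Where-Object { $fsName -like $_ })
    } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No usable certificate for $fsName in LocalMachine\My" }

# 4. Create the KDS root key only if the forest has none. Domain controllers
#    may wait up to 10 hours before issuing gMSA passwords from a new key.
if (-not (Get-KdsRootKey)) { Add-KdsRootKey -EffectiveImmediately }

# 5. Configure the first federation server; with no SQL connection string
#    the farm uses the Windows Internal Database (WID).
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
    -FederationServiceName $fsName `
    -FederationServiceDisplayName $display `
    -GroupServiceAccountIdentifier $gmsa

# 6. Confirm the service is running and is bound to the expected name.
Get-Service adfssrv | Select-Object Name, Status
Get-AdfsProperties | Select-Object HostName, HttpsPort
```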

Posted: May 29, 2018,
Categories: Security,
Comments: 0,
Author: Urish Arora
Tags: adfs