In this article, I will explain how to install Active Directory Federation Services 2.0 (ADFS 2.0) on Windows 2008 R2.
We need to download ADFS 2.0 from the Microsoft site (http://technet.microsoft.com/en-us/evalcenter/ee476597.aspx).
Once downloaded, place the setup file on the server where you want to install ADFS 2.0.
According to Microsoft, Active Directory Federation Services 2.0 helps IT enable users to collaborate across organizational boundaries and easily access applications on-premises and in the cloud, while maintaining application security. Through a claims-based infrastructure, IT can enable a single sign-on experience for end-users to applications without requiring a separate account or password, whether applications are located in partner organizations or hosted in the cloud.
The first step to integrate with Office 365 is to install and configure Active Directory Federation Services 2.0. The federation helps to trust and share information between both directories.
- The name of the domain to be federated has to exist in the public domain, e.g. contoso.co.in
- This domain (contoso.co.in) must be validated in Office 365

Let's start work now.
We’ll begin by verifying that the Active Directory users all have a User Principal Name (UPN) that matches the domain to be federated. In typical scenarios, an easy rule of thumb is to use the email address for the UPN. There are two methods to verify the user account UPN settings. The first is through the GUI.
- Log on to a Domain Controller using an account with administrative privileges.
- Open Active Directory Users and Computers.
- Navigate to a user, right-click and select Properties.
- Click the Account tab; in the space next to the User Logon Name, verify the UPN suffix is correct. The UPN suffix will begin with @. Verify all users have the correct UPN configured.
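
The same UPN check can be scripted rather than clicked through account by account. The PowerShell below is an added example, not code from the original article: the function name `Get-UpnMismatch` and the sample accounts are hypothetical, and it assumes the article's sample domain contoso.co.in.

```powershell
# Added example: report accounts whose UPN suffix differs from the federated domain.
# 'contoso.co.in' is the article's sample domain; replace it with your own.
$FederatedDomain = 'contoso.co.in'

function Get-UpnMismatch {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $User,
        [Parameter(Mandatory = $true)]
        [string]$Domain
    )
    process {
        $upn = [string]$User.UserPrincipalName
        $reason = $null
        if ([string]::IsNullOrEmpty($upn)) {
            $reason = 'UPN not set'
        }
        elseif ($upn.IndexOf('@') -lt 1) {
            $reason = 'No user part or no @ suffix'
        }
        else {
            $suffix = $upn.Substring($upn.LastIndexOf('@') + 1)
            # -ne compares strings case-insensitively
            if ($suffix -ne $Domain) {
                $reason = "Suffix '$suffix' does not match '$Domain'"
            }
        }
        if ($reason) {
            New-Object PSObject -Property @{
                SamAccountName    = $User.SamAccountName
                UserPrincipalName = $upn
                Reason            = $reason
            }
        }
    }
}

# Constructed sample accounts, so the check can be tried without a domain.
$sample = @(
    (New-Object PSObject -Property @{ SamAccountName = 'alice'; UserPrincipalName = 'alice@contoso.co.in' }),
    (New-Object PSObject -Property @{ SamAccountName = 'bob';   UserPrincipalName = 'bob@contoso.local' }),
    (New-Object PSObject -Property @{ SamAccountName = 'svc1';  UserPrincipalName = $null })
)
$sample | Get-UpnMismatch -Domain $FederatedDomain |
    Format-Table SamAccountName, UserPrincipalName, Reason -AutoSize

# Against the real directory (needs the ActiveDirectory module):
# Import-Module ActiveDirectory
# Get-ADUser -Filter * | Get-UpnMismatch -Domain $FederatedDomain
```

With the constructed sample, only bob and svc1 are reported; an empty result means every account already carries the federated suffix.
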
The next step is to create a Security Token Service (STS) DNS record for Active Directory Federation Services.
- Log on to a DNS server.
- Open DNS Manager from Administrative Tools.
- Expand Forward Lookup Zones, then right-click the domain name to be federated.
- Click New Host (A or AAAA).
- In the Name field enter sts.
- For IP Address enter the externally accessible IP address assigned for Federation Services.

My Federation Service’s name is sts.domainname.co.in.
It’s time to install Active Directory Federation Services 2.0.
Log on to the Windows Server 2008 R2 server where you’ll be installing AD FS 2.0 using an account with Domain Admin privileges.
- Open Windows Explorer, navigate to the folder where the file is stored, right-click the AdfsSetup.exe file, and click Run As Administrator.
The AD FS 2.0 Setup Wizard will start. Click Next.
On the EULA screen, accept the License Agreement and press Next.
Then select the Federation Server and press Next.
Press Next and it will also install the other required software.
Installing the ADFS 2.0 components
We have now successfully completed the ADFS 2.0 installation needed to achieve single sign-on and integrate local Active Directory accounts with Office 365 cloud-based services.






