Microsoft Office Tutorials and References
In Depth Information
Installing and configuring AD FS 2.0
● Be familiar with the SSO experience your users will see and have a communication
● Understand the requirements for AD FS.
● Remediate your AD by ensuring you have the right UPN suffix added.
● Ensure existing users have the correct primary UPN suffix.
● Install IIS on the AD FS server.
● Create and install the security certificate for the default website in IIS on the AD FS
Download AD FS from Office 365
Do not directly add the AD FS role to the server through the Turn Windows features on
or off link in Control Panel. Download and use AdfsSetup.exe instead.
When you have completed the preceding tasks, you are ready to install AD FS 2.0:
1. Create a service account for AD FS. In AD, create a service account that the AD FS
service will use. Make sure this service account is part of the Administrators group
of the local AD FS server. No special AD group memberships are required for this
account; Domain Users is sufficient. We assume you know how to create AD service
accounts and assign group membership in AD, so we do not provide details about
how that is done.
2. Download the AD FS 2.0 software. The AD FS software package is a single executable
file called AdfsSetup.exe. You can download it from the Microsoft Download Center
as shown in Figure 3-27. Follow the instructions at the Download Center, which
eventually will lead you to a list of the AdfsSetup.exe options. Select the package that
applies to your server operating system.