Deploying Active Directory Federation Services

The main purpose of Active Directory Federation Services (AD FS) here is to let Office 365 services verify users against the on-premises Active Directory through the federation service host, which achieves Single Sign-On with Office 365.

Install the Active Directory Federation Services server role (if you installed Azure AD Connect with customized settings, this role was already installed as part of that setup)

Depending on your environment, you may set up a single server or a load-balanced configuration with multiple servers.

  1. Log on to the AD FS server.
  2. Open Server Manager. To open Server Manager, click Server Manager in the taskbar on the desktop.
  3. In the Quick Start tab of the Welcome tile on the Dashboard page, click Add roles and features. Alternatively, you can click Add Roles and Features on the Manage menu.
  4. On the Before you begin page, click Next.
  5. On the Select installation type page, click Role-based or Feature-based installation, and then click Next.
  6. On the Select destination server page, click Select a server from the server pool, verify that the target computer is selected, and then click Next.
  7. On the Select server roles page, click Active Directory Federation Services, and then click Next.
  8. On the Select features page, click Next. The required prerequisites are preselected for you. You do not have to select any other features.
  9. On the Active Directory Federation Service (AD FS) page, click Next.
  10. After you verify the information on the Confirm installation selections page, click Install.
  11. On the Installation progress page, verify that everything installed correctly, and then click Close.

Install the AD FS server role via Windows PowerShell

On the computer that you want to configure as a federation server, open the Windows PowerShell command window, and then run the following command:

Install-WindowsFeature ADFS-Federation -IncludeManagementTools

Configure an External DNS A Record for AD FS

To resolve the AD FS name from outside the network, an A record must be created in public DNS that points to the public IP address of the AD FS server.

Configure Internal DNS for AD FS

Configure internal DNS as follows if the internal domain name doesn't match the domain you are federating with Office 365.

  1. Log on to the domain controller.
  2. Open DNS Manager, right-click the Forward Lookup Zones item and select the New Zone option.
  3. The New Zone Wizard opens. Click Next.
  4. Select the Primary zone option and tick Store the zone in Active Directory. Click Next.
  5. Select the option To all DNS servers running on domain controllers in this domain: domain.local, then click Next.
  6. Type the zone name, using the same name assigned to the AD FS service, and click Next.
  7. Select Allow only secure dynamic updates and click Next.
  8. Click Finish to create the new zone.
  9. Right-click the newly created zone and select the New Host (A or AAAA) option.
  10. Leave the Name blank (so the record sits at the zone apex) and type the IP address of the AD FS server configured previously.
  11. Don't enable Create associated pointer (PTR) record. Click Add Host when done.
  12. Click OK to close the confirmation window.
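The twelve steps above, scripted with the DnsServer module as an added example (this is not code from the original post). It assumes it runs as a domain admin on a domain controller, and the federation name and IP address are placeholders for your own values:

```powershell
# Added example: create the internal zone and apex A record for the AD FS name
# instead of clicking through DNS Manager. Placeholders: replace both values.
param(
    [string]$FederationName = "adfs.example.com",   # placeholder: the AD FS service name
    [string]$AdfsIp         = "192.0.2.10"           # placeholder: internal IP of the AD FS server
)

Import-Module DnsServer

# Steps 2-8: a primary, AD-integrated zone named after the federation service,
# replicated to all DNS servers on domain controllers in this domain,
# accepting only secure dynamic updates.
if (-not (Get-DnsServerZone -Name $FederationName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $FederationName `
        -ReplicationScope Domain `
        -DynamicUpdate Secure
}

# Steps 9-12: an A record at the zone apex (blank/@ name) pointing at the
# AD FS server. -CreatePtr is deliberately omitted, matching step 11.
$existing = Get-DnsServerResourceRecord -ZoneName $FederationName -Name "@" -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $FederationName -Name "@" -IPv4Address $AdfsIp
}

# Check 1: the zone accepts only secure dynamic updates, so an arbitrary host
# on the network cannot register a record that redirects sign-in traffic.
$zone = Get-DnsServerZone -Name $FederationName
if ($zone.DynamicUpdate -ne "Secure") {
    throw "Zone $FederationName allows non-secure dynamic updates: $($zone.DynamicUpdate)"
}

# Check 2: internal clients resolve the federation name to the internal AD FS
# address, not to the public IP advertised by the external A record.
$answer = Resolve-DnsName -Name $FederationName -Type A -Server localhost -ErrorAction Stop |
    Where-Object { $_.QueryType -eq "A" }
if ($answer.IPAddress -notcontains $AdfsIp) {
    throw "$FederationName resolves to $($answer.IPAddress -join ', '), expected $AdfsIp"
}
Write-Host "Internal DNS for $FederationName is in place and points to $AdfsIp"
```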

Hope you enjoy this post.

Cary Sun