To add AD FS as a role, open Server Manager and navigate to Manage > Add Roles and Features. Click Next to open the Add Roles and Features Wizard.
Select Role-based and Feature-based installation and click Next.
In the Server Selection step, choose Select a server from the server pool and click Next.
From the server roles list, select Active Directory Federation Services and click Next.
In the next step, select .NET Framework 4.5 Features, then click Next and Next again.
Click Install.
Once the feature installation process is over, click Close.
Go back to Server Manager and look for the Notifications tab on the right side. Click the message Configure the federation service on this server.
In the Configuration Wizard, select Create the first federation server in a federation server farm.
In the next step, select your account to perform federation service configuration.
In the next window, you will be asked to add the SSL certificate, Federation Service Name and Federation Service Display Name. You can select a certificate from the ones installed on the server or make one yourself. The certificate has to be in .PFX format. The Federation Service Name is the FQDN of your AD FS, and you can enter a display name of your choice. Click Next.
Note: Make sure that the FQDN of your ADFS has been updated in the DNS.
Specify a service account. You can either manually create one in the Wizard or go to Windows PowerShell for the Wizard to create one for you.
Follow the steps to create the service account. Then enter the name of your group managed service account in the space given and click Next.
In the Specify Database section, you are given the option to choose between a WID database and an SQL database. If yours is a small organization, use WID. Otherwise, go for SQL.
In the next section, you will be asked to review the settings. If everything looks okay, click Next.
In the next window, click Configure, and then close the Wizard.
Use the Set-AdfsProperties cmdlet in PowerShell to enable IdP-initiated sign-on.
Open a web browser and copy this link - https://ADFS_FQDN/adfs/ls/idpinitiatedSignOn.aspx
You should see the name of your domain and be able to sign in successfully.
You have successfully configured AD FS on your domain controller.
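The wizard steps above can also be scripted from an elevated PowerShell session. The script below is an added example, not part of the original guide; the FQDN adfs.example.com, the display name, the gMSA name and the PFX path are placeholder assumptions to replace with your own values.

```powershell
# Added example: scripted equivalent of the wizard procedure above.
# All four values below are placeholders (assumptions), not values from the guide.
$FsName      = 'adfs.example.com'       # Federation Service Name (FQDN of AD FS)
$DisplayName = 'Example Corp Sign-In'   # Federation Service Display Name
$GmsaName    = 'EXAMPLE\adfs_gmsa$'     # group managed service account
$PfxPath     = 'C:\certs\adfs.pfx'      # SSL certificate in .PFX format

# Install the Active Directory Federation Services role.
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools

# The FQDN must already be in DNS; stop here if it does not resolve.
Resolve-DnsName -Name $FsName -ErrorAction Stop | Out-Null

# Import the SSL certificate into the machine store and keep its thumbprint.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# A gMSA needs a KDS root key in the domain. Backdating by 10 hours makes the
# key usable immediately, which suits a single-DC lab; with several domain
# controllers, create the key without backdating and wait for replication.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
}

# Create the first federation server in a new farm.
# Omitting -SQLConnectionString selects the WID database.
Import-Module ADFS
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
    -FederationServiceName $FsName `
    -FederationServiceDisplayName $DisplayName `
    -GroupServiceAccountIdentifier $GmsaName

# Enable the IdP-initiated sign-on page and read the setting back.
Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
$enabled = (Get-AdfsProperties).EnableIdpInitiatedSignonPage
Write-Output "IdP-initiated sign-on page enabled: $enabled"

# Request the sign-on page; a 200 status means the service is answering.
$page = Invoke-WebRequest -UseBasicParsing `
    -Uri "https://$FsName/adfs/ls/idpinitiatedSignOn.aspx"
Write-Output "Sign-on page HTTP status: $($page.StatusCode)"
```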
ADAudit Plus is a real-time Active Directory auditing and reporting tool that has an exclusive section for AD FS audit reports. This section has reports on logon successes, logon failures, extranet lockouts and so on. These reports can help troubleshoot problems with account lockouts and also detect any malicious interference in the network. These reports are only a part of the over 200 pre-packaged audit reports that can be generated in a few clicks.