Installing and Configuring Active Directory Federation Services (AD FS) On Server 2019

Active Directory Federation Services Overview

Active Directory Federation Services provides access control and single sign on across a wide variety of applications including Office 365, cloud-based SaaS applications, and applications on the corporate network.

  • For the IT organization, it enables you to provide sign on and access control to both modern and legacy applications, on premises and in the cloud, based on the same set of credentials and policies.
  • For the user, it provides seamless sign on using the same, familiar account credentials.
  • For the developer, it provides an easy way to authenticate users whose identities live in the organizational directory so that you can focus your efforts on your application, not authentication or identity.

Install the AD FS server role

To install the Federation Service role service

Start Server Manager. To start Server Manager, click Server Manager on the Windows Start screen, or click Server Manager on the Windows taskbar on the Windows desktop. 

On the Quick Start tab of the Welcome tile on the Dashboard page, click Add roles and features.

On the Before you begin page, click Next.

On the Select installation type page, click Role-based or feature-based installation, and then click Next.

On the Select destination server page, click Select a server from the server pool, verify that the target computer is selected, and then click Next.

On the Select server roles page, click Active Directory Federation Services, and then click Next.

On the Select features page, click Next.

On the Active Directory Federation Service (AD FS) page, click Next.

After you verify the information on the Confirm installation selections page, select the Restart the destination server automatically if required check box, and then click Install.

On the Installation progress page, verify that everything installed correctly, and then click Close.

The next step is to configure the federation server. 

Configure the federation server

To configure the federation server

On the Server Manager Dashboard page, click the Notifications flag, and then click Configure the federation service on the server. The Active Directory Federation Service Configuration Wizard opens.

On the Welcome page, select Create the first federation server in a federation server farm, and then click Next

On the Connect to AD DS page, specify an account with domain administrator rights for the Active Directory domain that this computer is joined to, and then click Next.

On the Specify Service Properties page, do the following, and then click Next:

  • Import the SSL certificate that you have obtained earlier. This certificate is the required service authentication certificate. Browse to the location of your SSL certificate.
  • To provide a name for your federation service, type This value is the same value that you provided when you enrolled an SSL certificate in Active Directory Certificate Services (AD CS).
  • To provide a display name for your federation service, type GITS.

You have the option of using a Windows Internal Database (WID) or SQL Server. If you have a small environment/lab then use WID. If you have a large environment use a SQL database. Click Next

Note: WID is a limited version of SQL Express that doesn’t have a GUI or management interface. The WID database is a file (SUSDB.dbf) stored in C:\Windows\wid\data\

 Click Next

If everything checks out click Configure

Once complete click Close

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s