Exam Ref. 70-346: Office 365
Chapter 5: Implement and manage federated identities
Contents
Objective 5.1 Plan requirements for AD FS
Objective 5.2 Install and Manage AD FS Servers
Objective 5.3: Install and manage AD FS Proxy servers
Objective 5.1 Plan requirements for AD FS
https://technet.microsoft.com/en-us/library/dn554241.aspx
Objective 5.2 Install and Manage AD FS Servers
When you run the AD FS Configuration Wizard and specify the service account, as shown in
Figure 5-22, the AD FS configuration process automatically configures the appropriate
Service Principal Names (SPNs). You can use the setspn.exe command-line tool if you want to
register the SPN manually. To do this, use the command in the following format:
Setspn.exe -a host/<server name> <service account>
For example, to configure the SPN for the server adfs.adatum346er.net for the service account
adfssvc, issue the following command using an account that has domain administrator privileges:
Setspn.exe -a host/adfs.adatum346er.net adfssvc
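The following PowerShell check is an added example, not part of the original text. It confirms that the SPN from the example above is held by exactly one account before registering it, because a duplicate SPN causes Kerberos authentication to fail. It assumes the ActiveDirectory module (RSAT) is installed and that it runs under a domain administrator account.

```powershell
# Added example: verify SPN ownership before registering it for AD FS.
# Assumptions: ActiveDirectory module available; domain administrator rights.
Import-Module ActiveDirectory

$Spn     = 'host/adfs.adatum346er.net'   # SPN from the example above
$Account = 'adfssvc'                     # service account from the example above

# Find every object in the current domain that already holds this SPN.
$owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$Spn)" `
                         -Properties sAMAccountName)

switch ($owners.Count) {
    0 {
        # Not registered yet. The -s switch adds the SPN only after
        # setspn.exe has itself checked that no duplicate exists.
        & setspn.exe -s $Spn $Account
    }
    1 {
        if ($owners[0].sAMAccountName -eq $Account) {
            Write-Output "$Spn is already registered to $Account."
        }
        else {
            # Held by a different account: resolve this before AD FS setup.
            Write-Warning "$Spn is held by $($owners[0].sAMAccountName), not $Account."
        }
    }
    default {
        # More than one holder: Kerberos cannot pick a key for the ticket.
        Write-Warning "$Spn is registered on $($owners.Count) objects:"
        $owners | ForEach-Object { Write-Warning "  $($_.DistinguishedName)" }
    }
}

# List the SPNs now on the service account to confirm the result.
& setspn.exe -l $Account
```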
With AD FS in Windows Server 2012 R2, you have the option of using a group Managed
Service Account (gMSA). Group Managed Service Accounts have their passwords managed by
Active Directory. This makes them more secure than a manually created account configured such
that the password never expires. Group Managed Service Accounts require that at least one
domain controller in the domain is running Windows Server 2012 or later.
Objective 5.3: Install and manage AD FS Proxy servers
End of Chapter 5!!!