1

Exam Ref. 70-346: Office 365

Chapter 5: Implement and manage federated identities 179

Contents Objective 5.1 Plan requirements for AD FS ................................................................................... 1

Objective 5.2 Install and Manage AD FS Servers ........................................................................ 15

Objective 5.3: Install and manage AD FS Proxy servers .............................................................. 26

Objective 5.1 Plan requirements for AD FS

2

https://technet.microsoft.com/en-us/library/dn554241.aspx

3

4

5

6

7

8

9

10

11

12

13

14

15

Objective 5.2 Install and Manage AD FS Servers

When you run the AD FS Configuration Wizard and specify the service account, as shown in

Figure 5-22, the AD FS configuration process will automatically configure the appropriate

Service Principle Names (SPN). You can use the setspn.exe command line tool if you want to

register the SPN manually. To do this, you use the command with the following format:

Setspn.exe –a host/<server name> <service account>

16

For example, to configure the SPN for the server adfs.adatum346er.net for the service account

adfssvc, issue the following command using an account that has domain administrator privileges:

Setspn.exe –a host/adfs.adatum346er.net adfssvc

With AD FS in Windows Server 2012 R2, you have the option of using a group Managed

Service Account (gMSA). Group Managed Service Accounts have their passwords managed by

Active Directory. This makes them more secure than a manually created account configured such

that the password never expires. Group Managed Service Accounts require that at least one

domain controller in the domain is running Windows Server 2012 or later.

17

18

19

20

21

22

23

24

25

26

Objective 5.3: Install and manage AD FS Proxy servers

27

28

29

30

31

32

End of Chapter 5!!!