AD FS

Active Directory Federation Services

0

Connect to AD FS 2016 WID Using SQL Server Management Studio

Posted on by Rhoderick Milne [MSFT]

As part of troubleshooting a recent Windows Server 2016 AD FS issue, I wanted to take a look at the database using SQL Server Management Studio (SSMS).  In order to successfully connect there are a couple of gotchas to note as the database used was the Windows Internal Database (WID).  This is the default AD FS 2012 R2 and 2016 deployments.  There is no SQL management interface and the correct con… Read the rest “Connect to AD FS 2016 WID Using SQL Server Management Studio”

7

Easy Way To Retrieve Certificate Thumbprint Using PowerShell

Posted on by Rhoderick Milne [MSFT]

Since many certificate operations involve knowing the certificate’s thumbprint, it is always useful to to have an easy way to get this information.  In some of the online documentation it mentions you can copy the thumbprint out of the Certificate MMC snap-in and then manually delete the spaces between the data.  No thanks.

However, if you *really* want to do that, or a quick and easy way to launch… Read the rest “Easy Way To Retrieve Certificate Thumbprint Using PowerShell”

2

Renewing AD FS Certificates – Updated Guidance

Posted on by Rhoderick Milne [MSFT]

TLS certificates come and go.  By their nature they have a set life span and then they must be renewed.  While this is nothing new, I’ve being doing this since the 1990s, the process may become a little more frequent for some customers as the industry is eliminating three year certificates see 3-Year Certificates to Be Eliminated in Industry-Wide Change for example.

In the posts for deploying AD FS Read the rest “Renewing AD FS Certificates – Updated Guidance”

1

Update WAP Published Application Certificate

Posted on by Rhoderick Milne [MSFT]

A base Web Application Proxy (WAP) provides AD FS proxy capability in addition to also publishing on-premises web applications to the Internet.  This can be used to publish services such as Exchange OWA and Autodiscover.

Publish Applications using AD FS Preauthentication can used in certain situations to pre-authenticate the incoming request before it is passed onto the internal server.  Alternative… Read the rest “Update WAP Published Application Certificate”

1

WAP 2016 Published Application Not Working – HTTP Error 503

Posted on by Rhoderick Milne [MSFT]

Imagine the situation.  You just finished deploying AD FS 2016 and Web Application Proxy (WAP) servers in a highly available environment with the AD FS namespace load balanced internally and externally.  There are multiple AD FS servers and WAP servers.  This is an interesting deployment project and all is going well.   After verifying that core AD FS and WAP functionality works as expected you th… Read the rest “WAP 2016 Published Application Not Working – HTTP Error 503”

4

How to Enable IdpInitiatedSignon Page In AD FS 2016

Posted on by Rhoderick Milne [MSFT]

One of the deployment validation and testing tools which was also present in earlier AD FS releases is the /IdpInitiatedSignon.htm page.  This page is available by default in the AD FS 2012 R2 and earlier versions.  Though it should be noted this page is disabled by default in AD FS 2016.

From the system you wish to test from, navigate to the AD FS namespace's idpinitiatedsignonpage.  This will be i… Read the rest “How to Enable IdpInitiatedSignon Page In AD FS 2016”

3

PSRemoting for Office 365 AD FS Configuration

Posted on by Rhoderick Milne [MSFT]

When configuring AD FS for Office 365, one of the final steps is to link Azure AD with the on-premises AD FS deployment.  This should occur only after AD FS and WAP servers have been fully deployed, verified and tested.

When linking the AD FS infrastructure with Office 365, we must use the Azure AD PowerShell module.  We need to point the module at the primary AD FS server using the Set-MsolADFSConRead the rest “PSRemoting for Office 365 AD FS Configuration”

0

How To Install AD FS 2016 For Office 365 – Part 3

Posted on by Rhoderick Milne [MSFT]

Here we are in part three already!  Previously we completed the below two phases in the AD FS deployment.

How To Install AD FS 2016 For Office 365

How To Install AD FS 2016 For Office 365 – Part 2

This post assumes that the domain was previously added as a standard domain, also called managed, and the domain will require conversion. Now we want to change the Office 365 domain to be a federated domain.… Read the rest “How To Install AD FS 2016 For Office 365 – Part 3”

0

How To Install AD FS 2016 For Office 365 – Part 2

Posted on by Rhoderick Milne [MSFT]

This is the second in a series of three posts which will walk you through installing, configuring and connecting AD FS 2016 to Office 365.  In part one we installed the AD FS server on our corporate network, and tested that it was working.

In this second post we need to make the AD FS infrastructure available to the Internet in a secure fashion, so that Office 365 will be able to contact AD FS to au… Read the rest “How To Install AD FS 2016 For Office 365 – Part 2”

2

How To Install AD FS 2016 For Office 365

Posted on by Rhoderick Milne [MSFT]

This is a step by step guide to installing and configuring Windows Server 2016 Active Directory Federation Services (AD FS) for use with Office 365.  If you still wish to deploy the previous version of AD FS (Windows Server 2012 R2 AD FS), then please start with this post.  For those with a keen eye, the 2012 R2 post was published exactly three years ago today.

The act of deploying and configuring … Read the rest “How To Install AD FS 2016 For Office 365”