David Papkin Setup AD FS Server 2016

Video Statistics and Information

Captions
Hi, this is David Papkin from TSI Consulting Services. Welcome back to Upgrading Your Skills to Server 2016. In this video demo, it's implementing AD Federated Services. So the first thing we're going to do is install and configure AD Federated Services, and then afterwards I'm going to configure an internal application for AD Federated Server.

So I'm going to go into DNS in Server Manager. Notice in 2016 just the look and feel of it is a little bit different, very similar to 2012; this may be some of the icons, etc. on this so far. I'm going to expand Forward Lookup Zones, click Adatum, and then I'm going to say New Host (A or AAAA), and I'm going to call this one ADFS, give it an IP, Add Host. Great, was that it, done.

The next thing I'm going to do is install AD FS: add role or feature, Next, role-based. Now I'm going to be installing on this one right here; I'm going to install it on London server 2. I'm going to add another one on this one right here, so London server 2 is the one I'm going to add on this. And right here, so I'm going to add Federated Services on this right here, Next, and then what I'm going to do is, in this, Install. All done.

Next thing I'm going to do is configure AD FS. On the notifications right here, I need to configure AD Federated Services. Now what I'm going to do is this: I'm going to create the first one in a farm, so right here, OK. Now in this one I'm going to use this account for the current user, and the SSL cert, of course I have to have one already, ATF asset, good. And the display name on this one right here is going to be A. Datum Corporation. I'm going to create a managed service account, account name ADFS. I'm going to create this one using the Windows Internal Database. Review options, it's going to go Next, great, and I'm going to click on Configure.

The next step, we're going to verify AD functionality. I'm going to sign in as Beth. Then what I'm going to try to do is with IE, so under All Apps, IE, Windows Accessories, Internet Explorer, then I'm representor, so as you can see that file loaded, so therefore Federated Services is working. So I've installed and configured Federated Services and verified it's functioning, because I viewed the Federation metadata XML file contents.

The next thing I'm going to do is configure an internal application for AD FS. I'll configure claims providers. So on server 2, AD FS Management, and I'm going to go in the Claims Provider Trusts, and what I'm going to do is here I'm going to edit claim rules. Of course I could do it here and right-click it and Edit Claim Rules, or gotten it there also. I'm going to add a rule. Now what I want to do is Send LDAP Attributes as Claims, Next. I'm going to give it a name, and then the attribute store, I'm going to pick AD here. On mapping, the one there down, this one right here, email addresses, here I'm going to pick email address. For the user principal name I'm going to pick UPN, and the display name I'm going to pick name over here, and I'm going to click on it, OK, great, and Finish and say OK.

On the next one, what I'm going to do is I'm going to configure the application to trust incoming claims. Now please note that I am switched to look server 1, because I installed on server 2, I'd installed the AD FS on this. And this one right here, I'm going to go to the Windows Identity Foundation Federation Utility. On the location box, now this is the path to the sample location that will trust the incoming claims from the Federation server, and this one right here, Next. I'm going to use an existing STS, so this is the metadata document location. Just to let you know, I want you to see what it was; I've pasted it in there already. Next, I'm going to disable certificate chain validation, no encryption. These are the claims that are going to be offered by the Federation server right here. Now these are the changes that only made to the sample application by the Federation Utility wizard, so this is the application information, this is the security token service selection, these are the claims requested by the application, and this is the output. Then Finish. If all goes well, say OK. Fantastic.

Next thing I'm going to do is I'm going to configure a relying party trust for the claims-aware application. So I'm going to Relying Party Trusts, and what I'm going to do is on here I'm going to Add Relying Party Trust. I'm going to Start, I'm going to import data about the relying one on a local network, and Next. Now the display name on this one, A. Datum Test App. What I'm going to do is, in this, permit everyone, and Next. OK, in this one, specify the monitoring, so if it's relying the Federation metadata URL, great, and I'm going to Close it. OK, great.

Now the next thing I'm going to do is here I'm going to configure claim rules for the relying party trust. Take a look right here: I'm going to click on Edit Claim Issuance Policy, and right here what I'm going to do is this, I'm going to add a rule, Pass Through or Filter, and Next. So I've typed pass the Windows account name here, and from the drop-down box here I pick Windows account name, which was a little bit far down here, and I got it, Windows account name, Finish. Then what I'm going to do is I'm going to add another rule, select Pass Through or Filter, Next, and this one I'm going to put pass to email address, so I called it pass to email address, and I'm going to look for email address right there, good, Finish. Add another rule; now I call this one pass-through UPN, put UPN there, Finish. Let me add another rule, call this one pass-through name, going to select name, Finish, then OK.

Now the next thing I want to do is I want to test access to the claims-aware application. Now what I'm going to do is, I'm not using Edge; I haven't tested this with Edge to see if this will actually work or not. So I put this in here and it says attempting, so I'm going to type in Adatum\Beth, come over, OK. Now notice the claim information on here, Adatum\Beth, so it worked.

Now what we don't want to have to do is type in authentication information when you open the browser, so I want to configure IE to pass the local credential information. On the Start menu we go to Internet Options. OK, so Internet Options, Security tab, I'm going to Local intranet, Sites, Advanced. I'm going to add this website to the zone, and I'm going to add adfs.adatum.com, Add, Close, OK. Now of course what I'm going to do is I'm going to open up IE. So this time after I put it in, it didn't ask me for anything, it just showed me all of this information.

That'll conclude this demo for implementing AD FS. This is David Papkin, and thank you for watching.
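Added example, not part of the video or its captions: a PowerShell form of the claim rules configured in the demo, so the attributes released to the application can be applied and reviewed as text. It assumes the ADFS module on the federation server, an existing relying party trust whose display name is the value of `$rpName`, and a constructed rule name for the LDAP rule.

```powershell
# Added example (not from the video). Run elevated on the AD FS server.
Import-Module ADFS

$rpName = 'A. Datum Test App'   # assumption: display name of the relying party trust
$ms = 'http://schemas.microsoft.com/ws/2008/06/identity/claims'
$xs = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims'

# Claims provider trust: send mail, userPrincipalName and displayName as claims.
# The rule name is constructed for this example.
$ldapRule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Send LDAP attributes (example)"
c:[Type == "$ms/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("$xs/emailaddress", "$xs/upn", "$xs/name"),
          query = ";mail,userPrincipalName,displayName;{0}", param = c.Value);
"@

# -AcceptanceTransformRules replaces the whole rule set, so append to the
# existing rules instead of overwriting them, and skip if already present.
$cp = Get-AdfsClaimsProviderTrust -Name 'Active Directory'
if ($cp.AcceptanceTransformRules -notmatch 'Send LDAP attributes \(example\)') {
    Set-AdfsClaimsProviderTrust -TargetName 'Active Directory' `
        -AcceptanceTransformRules ($cp.AcceptanceTransformRules + "`n" + $ldapRule)
}

# Relying party trust: pass through exactly the four claim types from the demo.
$claimTypes = "$ms/windowsaccountname", "$xs/emailaddress", "$xs/upn", "$xs/name"
$passThrough = foreach ($t in $claimTypes) {
@"
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through $($t.Split('/')[-1])"
c:[Type == "$t"] => issue(claim = c);
"@
}
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules ($passThrough -join "`n")

# Review what the application will actually receive.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

The final command prints the issuance rules as stored, which is the place to confirm that no claim types beyond these four are released to the application.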
Info
Channel: David Papkin
Views: 27,798
Rating: 4.2244897 out of 5
Keywords: david papkin, ad fs, server 2016
Id: fIToYazJ4Ig
Length: 17min 15sec (1035 seconds)
Published: Sat Aug 13 2016