\n
![\"\"](\"https:\/\/qbytes.cloud\/wp-content\/uploads\/2018\/02\/addr1.png\")
<\/a><\/p>\n<\/p>\n
Click Next<\/p>\n
Select Role Based<\/p>\n Select the Server and Next<\/p>\n Select Active Directory Federation Services<\/p>\n Leave the default and select next<\/p>\n Select Next<\/p>\n Select Install<\/p>\n Once Installation is complete, Click Close. Now we can configure the service.<\/p>\n The ADFS service will need a certificate. Follow the steps below to configure the SSL certificate.<\/p>\n <\/p>\n Click Start and then type “run”.<\/p>\n In the console, select “File” > “Add\/Remove Snap-in”.<\/p>\n Select “Certificates” > “Add”.<\/p>\n Select “Computer Account”.<\/p>\n Select “Local Computer”. Then “Finish”.<\/p>\n Click Finish.<\/p>\n On the following screen, right click on “Personal”, go to “View” and then click on “Options”.<\/p>\n Select “Certificate Purpose” and then “OK”.<\/p>\n Right Click on “Server Authentication”. Go to All Tasks and click on “Request New Certificate”.<\/p>\n Click Next.<\/p>\n Click Next.<\/p>\n Select the ADFS SSL Certificate. If you have not created this, please see this KB on how too install it.<\/p>\n <\/p>\n Success page. Click Finish.<\/p>\n Now Close MMC. Choose “No” and close.<\/p>\n <\/p>\n Now, back at the server manager, click the top yellow warning icon at the top of server manager and click on “Configure the federation service on this server”.<\/p>\n Select “Create the first federation server in a federation server farm” as we are adding the first one.<\/p>\n Select the account and click next.<\/p>\n Select the SSL Certificate from the drop down and give the Federation Service a Display Name that the users will see at the login.<\/p>\n On the next page we are informed that we need to run a powershell command to add a Root Key. Windows manages the account and password for the service account.<\/p>\n To run the command, click on the top of the server manager page to display (do not close the ADFS wizard as we will need to come back to it).<\/p>\n Select All Servers on the left and then right click on the Domain Controller and then click on Windows PowerShell.<\/p>\n Run the command:<\/p>\n Exit PowerShell. Now bring up the\u00a0ADFS wizard again. Click Previous.<\/p>\n Now click Next.<\/p>\n Now the warning is gone and we can set up the Group Managed service Account as “FsGmsa (Federation Service, Group Managed Service Account)”.<\/p>\n Now, we need a databse to store the configuration data. In this case, I am creating an internal database.<\/p>\n Review Options.<\/p>\n Next is the check. Click Configure.<\/p>\n **Please note the warning that the root key<\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\nInstalling Enterprise CA for Active Directory Federation Services<\/a><\/h5>\n
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\nAdd-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)\n\n<\/pre>\n
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n