LAB 1: Installing Active Directory Federation Services




Contents
Lab: Installing and Configuring Active Directory Federation Services
Exercise 1: Installing and configuring Active Directory Federation Services
Tasks

Lab: Installing and Configuring Active Directory Federation Services

Before you begin
This lab depends on the completion of the previous exercises, more specifically the registration of an Office 365 tenant and the configuration of a certificate.

What you will learn
After completing the exercises, you will be able to install and configure Active Directory Federation Services for Office 365.

Scenario
Your organization is preparing to move some of its on-premises user accounts to Microsoft Office 365. The power of a local client and on-premises server software, combined with the reach and always up-to-date nature of services in the cloud, offers the flexibility that you need. A software-plus-services approach will provide seamless experiences for individuals and information workers. The transition for the online users will be seamless because the users will be able to continue using their regular domain logon accounts and the client software that they are already familiar with. This allows the company's IT teams to stay focused on their daily activities with little downtime for information workers. Your organization expects to integrate its on-premises Microsoft Exchange Server 2013 organization with its Exchange Online tenant so that you can seamlessly move mailboxes from on-premises into the cloud.

Exercise 1: Installing and configuring Active Directory Federation Services

In this exercise, you will verify that the Active Directory user accounts have the User Principal Name (UPN) suffix that will be used for this and subsequent labs. You will also install and configure Active Directory Federation Services.

Tasks

1. Verify the Active Directory user attributes
Each on-premises Active Directory user that will be synchronized online must have a UPN suffix that matches the domain which will be federated.
a. Log on to Hybrid-DC01 as ONPREM\Admin with a password of pass@word1.
b. Open the Start Menu, and then click the arrow at the bottom. This should show all the installed applications.
c. Click Active Directory Users and Computers.
d. In the navigation pane, expand ONPREM.local, and then click Accounts. The users in the Accounts OU were created with the ConfigEnv.ps1 script.
e. In the results pane, double-click Billy Weaver.
f. In the Billy Weaver Properties window, click the Account tab.
g. Under User logon name, verify that the UPN suffix is @studentprefix.hybridexchangeworkshop.com.
h. Close the Billy Weaver Properties window.
i. Repeat these steps for some other random accounts and verify that they all have the correct UPN suffix.

2. Use Microsoft Windows PowerShell to verify UPN values
a. Log on to HYBRID-DC01 as ONPREM\Admin with a password of pass@word1.
b. On the desktop, click the PowerShell icon in the task bar.
c. At the PS prompt, type the following command and then press Enter:
   Get-ADUser -SearchBase "OU=Accounts,DC=ONPREM,DC=local" -Filter * | ft UserPrincipalName -Auto
d. Review the UPN suffix for the listed user accounts from the Accounts OU and verify that the UPN suffix matches @studentprefix.hybridexchangeworkshop.com.
e. Close Windows PowerShell.
f. Close Active Directory Users and Computers.

3. Create a DNS Host Record for Active Directory Federation Services
a. Log on to HYBRID-DC01 as ONPREM\Admin with a password of pass@word1.
b. Open the Start Menu, and then click the arrow at the bottom. This should show all the installed applications.
c. Click DNS.
d. Expand HYBRID-DC01, expand Forward Lookup Zones, and then click the studentprefix.hybridexchangeworkshop.com DNS zone.
e. Right-click the zone and then click New Host (A or AAAA).
f. In the New Host window, in the Name box, type adfs.
g. In the IP address box, type 10.0.1.4 and then click Add Host.
h. In the DNS dialog box, click OK.
i. In the New Host window, click Done.
j. Close DNS Manager.

4. Install the Active Directory Federation Services feature
a. Log on to HYBRID-DC01 as ONPREM\Admin with a password of pass@word1.
b. Open the Server Manager.
c. In the Server Manager, click Manage, and then click Add Roles and Features.
d. In the Add Roles and Features wizard, click Next.
e. Select Role-based or feature-based installation and click Next.
f. In Server Pool, select HYBRID-DC01.ONPREM.LOCAL and click Next.
g. Under Roles, select Active Directory Federation Services and click Next.
h. On the Select Features page, do not select any additional features and click Next.
i. On the Active Directory Federation Services (AD FS) page, click Next.
j. On the Confirm installation selections page, click Install. Wait for the installation to complete successfully before continuing with the following steps.
k. After the installation has completed successfully, click Close.

5. Export and Import the certificate
We will be using the same wildcard certificate as the one that was used for Exchange. Because it is a wildcard certificate, it is also valid for e.g. adfs.studentprefix.hybridexchangeworkshop.com. In order to import the certificate for ADFS, we first need to export it from the Exchange Server.
a. Log on to HYBRID-DC01 and open Internet Explorer.
b. Navigate to the following URL: https://mail.studentprefix.hybridexchangeworkshop.com/ecp
c. Log on to the Exchange Admin Center with ONPREM\Admin and a password of pass@word1.
d. In the Exchange Admin Center, navigate to servers and then certificates.
e. From the list of certificates, select ExchangeWildcard.
f. Click the three dots (...) in the certificate actions and select Export Exchange certificate.
g. On the export Exchange certificate page, enter the following UNC path: \\hybrid-ex01\c$\certexport.pfx
h. Enter a password (remember it!) and then click ok.
i. Copy the exported certificate from Hybrid-EX01 to Hybrid-DC01.
j. On Hybrid-DC01, open the Start Menu and type mmc.
k. In the Search Results on the right-hand side, select mmc. Click Yes in the UAC prompt.
l. In the console window, click File and then Add/Remove Snap-in.
m. In the Add or Remove Snap-ins window, select Certificates from the Available snap-ins and click Add >.
n. In the Certificates snap-in pop-up window, select Computer account and click Next.
o. On the Select Computer page, leave the default selected and click Finish.
p. In the Add or Remove Snap-ins page, click OK.
q. Navigate to Certificates (Local Computer) > Personal > Certificates and review the list of installed certificates. Right now, there should only be a single certificate called hybrid-dc01.cloudapp.net.
r. In the navigation pane, right-click Certificates and then select All Tasks > Import.
s. In the Certificate Import Wizard window, click Next.
t. Click Browse and select the exported certificate you copied earlier to Hybrid-DC01. Make sure to include all file types when searching for the certificate.
u. Once you have selected the certificate, click Next.
v. Enter the password you chose earlier when exporting the certificate and click Next.
w. Make sure that the Personal certificate store is selected and click Next.
x. On the Completing the Certificate Import Wizard page, click Finish.
y. Click OK to confirm the certificate import.
z. Verify that the certificate now shows up in the list along with the hybrid-dc01.cloudapp.net certificate.

6. Configure Active Directory Federation Services
a. On HYBRID-DC01, open the Server Manager and click the Task Details button. From there, click Configure the federation service on this server.
b. On the Welcome page, select Create the first federation server in a federation server farm and then click Next.
c. On the Connect to Active Directory Domain Services page, leave the pre-populated user account (ONPREM\Admin) and click Next.
d. On the Specify Service Properties page, select the wildcard certificate from the list of SSL Certificates.
e. Change the entry in Federation Service Name to the following: adfs.studentprefix.hybridexchangeworkshop.com
f. Enter the following Federation Service Display Name: Hybrid ADFS and then click Next.
g. On the next page, click Select and search for the following account: svc-adfs
h. After you have selected the account, enter the following password: pass@word1 and then click Next.
i. On the Specify Configuration Database page, select Create a database on this server using Windows Internal Database and click Next.
j. On the Review Options page, click Next.
k. After the prerequisites check has completed successfully, click Configure.
l. Wait for the task to complete. This might take a few moments.
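Tasks 2 to 6 as one PowerShell script, added here as an example and not part of the lab. It assumes it runs in an elevated session on HYBRID-DC01 with the PFX from step 5.i already copied to C:\certexport.pfx, and it stops before configuring AD FS if any account in the Accounts OU lacks the federated UPN suffix or the imported certificate does not cover the Federation Service Name.

```powershell
# Added example, not part of the lab: Tasks 2-6 as one script with pre-flight checks.
# Assumptions: runs elevated on HYBRID-DC01 and the PFX exported from Exchange
# (Task 5, step i) has already been copied to C:\certexport.pfx.
Import-Module ActiveDirectory, DnsServer, ServerManager, PKI

$Suffix     = 'studentprefix.hybridexchangeworkshop.com'   # domain to be federated
$FsName     = "adfs.$Suffix"                                # Federation Service Name
$AccountsOU = 'OU=Accounts,DC=ONPREM,DC=local'
$PfxPath    = 'C:\certexport.pfx'                           # copied from Hybrid-EX01

# Task 2: every account to be synchronised must carry the federated UPN suffix.
# An account with any other suffix cannot sign in through AD FS later on.
$bad = Get-ADUser -SearchBase $AccountsOU -Filter * |
       Where-Object { $_.UserPrincipalName -notlike "*@$Suffix" }
if ($bad) {
    $bad | Format-Table Name, UserPrincipalName -AutoSize
    throw "$(@($bad).Count) account(s) in $AccountsOU do not use @$Suffix; fix them first"
}

# Task 3: host record for the federation service, created only if it is missing.
if (-not (Get-DnsServerResourceRecord -ZoneName $Suffix -Name 'adfs' -RRType A `
          -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $Suffix -Name 'adfs' -IPv4Address '10.0.1.4'
}

# Task 4: install the AD FS role and load its module into this session.
Install-WindowsFeature ADFS-Federation -IncludeManagementTools | Out-Null
Import-Module ADFS

# Task 5: import the wildcard certificate into the local machine Personal store.
$pfxPw = Read-Host -AsSecureString -Prompt 'Password chosen when exporting the PFX'
$cert  = Import-PfxCertificate -FilePath $PfxPath -Password $pfxPw `
                               -CertStoreLocation Cert:\LocalMachine\My
# Check that a subject alternative name covers adfs.<suffix>: a SAN entry used as a
# -like pattern matches exactly, or as a wildcard when it starts with '*.'.
$sans   = (Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)").DnsNameList.Unicode
$covers = $sans | Where-Object { $FsName -like $_ }
if (-not $covers) { throw "Certificate $($cert.Thumbprint) does not cover $FsName ($($sans -join ', '))" }

# Task 6: first federation server in a new farm. The configuration database
# defaults to the Windows Internal Database, as selected in the wizard.
$svc = Get-Credential -UserName 'ONPREM\svc-adfs' -Message 'AD FS service account password'
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
                 -FederationServiceName $FsName `
                 -FederationServiceDisplayName 'Hybrid ADFS' `
                 -ServiceAccountCredential $svc
```

Run it once per farm; Install-AdfsFarm refuses to overwrite an existing configuration unless -OverwriteConfiguration is given, which keeps a re-run from silently replacing a working federation server.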