- How To Install ADFS 2012 R2 for Office 365 – http://blogs.technet.com/b/rmilne/archive/2014/04/28/how-to-install…
- AD FS 2.0 Sign-In Pages Overview – https://technet.microsoft.com/en-us/library/ee895359.aspx
- Create AD FS service accounts
- Configure farm or stand alone settings
- Add additional server
- Convert from standard to federated domain
- Manage certificate life cycle
Mock Exam Samples
Which local rights must be assigned to a custom account that will function as the AD FS service account?
A. Allow log on locally
B. Allow log on through remote desktop services
C. Log on as a batch job
D. Log on as a service
Correct answers: C and D
C. Correct: The AD FS service account must have the Log On As A Batch Job and the Log On As A Service rights on each server that will function as an AD FS server.
D. Correct: The AD FS service account must have the Log On As A Batch Job and the Log On As A Service rights on each server that will function as an AD FS server.
When performing initial AD FS configuration, you need to provide the credentials of an account that has certain privileges. Which of the following privileges must the account have?
A. Domain administrator
B. Enterprise administrator
C. Schema administrator
D. Backup operator
Correct answer: A
A. Correct: When configuring AD FS you need to provide the credentials of an account that has domain administrator privileges.
You are in the process of installing AD FS on a computer running Windows Server 2012 R2. Under which conditions can you use a group Managed Service Account for the AD FS service account?
A. The KDS Root Key has been configured.
B. KMS has been deployed in your environment.
C. You have at least one domain controller running Windows Server 2012 or later.
D. DNSSEC has been configured.
Correct answers: A and C
A. Correct: To use a group Managed Service Account for the AD FS service account, the KDS Root Key must be configured and at least one domain controller in the domain must be running Windows Server 2012 or later.
C. Correct: To use a group Managed Service Account for the AD FS service account, the KDS Root Key must be configured and at least one domain controller in the domain must be running Windows Server 2012 or later.
You want to ensure that each of the five AD FS servers in your farm has write access to the AD FS database. Which of the following must you do to accomplish this goal?
A. Configure AD FS to use the Windows Internal Database.
B. Configure AD FS to use a SQL Server database.
C. Configure AD FS to use a group Managed Service Account.
D. Configure AD FS to use a wildcard Service Communications Certificate.
Correct answer: B
B. Correct: When AD FS uses SQL Server for the AD FS database, all servers in the farm have write access.
Active Directory Federation Services (AD FS) allows a local Active Directory (AD) to integrate with Office 365. Federating the domains gives users single sign-on: they can use their corporate (network) credentials to log in and access Office 365 services. You plan to configure a federation server farm environment in AD FS. Which accounts do you need to configure in Active Directory Domain Services (AD DS)? Choose the best option(s) from those listed below.
A: Administrator account
B: Network service account
C: Dedicated service account
D: Standard user account
Explanation: When a federation server farm environment is configured in AD FS, a dedicated user/service account needs to be created. The dedicated service account should be created and configured in AD DS where the farm is located. Each federation server in the farm must be configured to use this account.
Correct Option(s): A: Dedicated service account
- A: Administrator account – An administrator account is a user account with special privileges. An administrator account is typically used to make various configuration changes and perform administrative tasks such as configuring security settings, installing software or hardware, and managing user accounts. An administrative account is not configured in AD DS when configuring a federation server farm environment.
- B: Network service account – A network service account is a Windows service account. It is a local account that is used by the service control manager. The network service account should not be used as the dedicated user service account. It can cause random failures when access is attempted through Windows Integrated Authentication.
- D: Standard user account – A standard user account is a type of user account that can allow users to perform standard functions on a computer such as using programs installed on their computer. Typically, a standard user cannot install or uninstall programs, delete required computer files, or make changes that can affect other users. A standard user account would not be configured in AD DS when configuring a federation server farm environment.