Part 1 – Prepare the Local AD FS Proxy Server

Since the AD FS Proxy server is in the DMZ, do not domain join the server. It functions just fine without being domain joined, and joining it would needlessly open firewall ports from the DMZ to the internal network.

 

Set the External Domain

Since the server is not domain joined and is technically a web server, it’s recommended that you set the internal domain name.

  1. Log in to the AD FS server with the AD FS service account

     

  2. Open Server Manager

     

  3. Click Local Server

     

  4. Click the Computer Name

     

  5. Click Change

     

  6. Click More

     

  7. Enter the External domain name

     

  8. Click OK

     

  9. Click OK

     

  10. Reboot

 

Install AD FS Proxy Server Role

  1. Log in to the AD FS server with the AD FS service account

     

  2. Open Server Manager

     

  3. Click Manage

     

  4. Click Add Roles and Features

     

  5. Click Next

     

  6. Select Role-based or feature-based installation

     

  7. Click Next

     

  8. Select the local server

     

  9. Click Next

     

  10. Select Active Directory Federation Services

     

  11. Click Add Features; this will install the required features for AD FS

     

  12. Click Next

     

  13. Select .NET Framework 3.5 Features

     

  14. Click Next

     

  15. Click Next

     

  16. Leave default selections for the Web Server Role (IIS)

     

  17. Click Next

     

  18. Click Next

     

  19. Uncheck Federation Service (selected by default)

     

  20. Select Federation Service Proxy

     

  21. Click Next

     

     

  22. Click Install

     

  23. Install begins. You can close this window or leave it open to view the progress

     

    Installation completed

     

  24. Click Close

 

Install Sign-in Assistant

  1. Open Internet Explorer

     

  2.  

  3. Click Download Software

     

  4. Click Desktop Setup

     

  5. Click Set up to start the Desktop Applications install

     

  6. Click Run

     

  7. Desktop Assistant is downloaded

     

  8. Click Run

     

  9. Sign in with a Global Administrator account for Office 365.

     

    I create a shared service account for use with AD FS and Directory Sync. This account does not need a license assigned and should be a tenant account (@domain.onmicrosoft.com). Assign the account the Global Administrator role. Use this BLOG post for setting up the user.

     

     

  10. Desktop Applications setup starts

     

  11. Uncheck (if checked) Microsoft Outlook, Microsoft SharePoint and Microsoft Lync

     

  12. Click Continue

     

  13. Click Run

     

  14. Click I Accept

     

  15. Installing Microsoft Online Sign-In Assistant

     

  16. Click Finish

 

Install the Windows Azure Active Directory Module for Windows PowerShell

 

  1.  

  2. Click Users and Groups

     

  3. Click Set up link beside Single Sign-On

     

  4. Choose Windows 64-bit Version

     

  5. Click Download

     

  6. Click Run

     

  7. Click Next

     

  8. Accept the License Agreement

     

  9. Click Next

     

  10. Choose an install path

     

  11. Click Next

     

  12. Click Install

     

  13. Click Finish

 

This completes setting up all the pre-required software for the AD FS Proxy server.
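
The read-only check below is an added example, not part of the original post. It confirms the state the steps above should leave the proxy in: not domain joined, DNS suffix set, Federation Service Proxy installed without the Federation Service, and the sign-in prerequisites present. It assumes Windows Server 2012 feature names (`ADFS-Proxy`, `ADFS-Federation`, `NET-Framework-Core`) and the `msoidsvc` service name for the Sign-In Assistant; `Test-AdfsProxyPrep` and `example.com` are hypothetical placeholders.

```powershell
# Added example: verifies the AD FS proxy preparation without changing anything.
# Run in an elevated PowerShell 3.0+ session on the proxy server after the reboot.
Import-Module ServerManager

function Test-AdfsProxyPrep {
    param(
        # Placeholder: the domain name entered in "Set the External Domain".
        [Parameter(Mandatory = $true)][string]$ExpectedSuffix
    )

    $cs     = Get-WmiObject -Class Win32_ComputerSystem
    # The primary DNS suffix is stored here once the reboot has completed.
    $tcpip  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $proxy  = Get-WindowsFeature -Name ADFS-Proxy
    $fedSvc = Get-WindowsFeature -Name ADFS-Federation
    $net35  = Get-WindowsFeature -Name NET-Framework-Core
    $soa    = Get-Service -Name msoidsvc -ErrorAction SilentlyContinue
    $msol   = Get-Module -ListAvailable -Name MSOnline

    $checks = [ordered]@{
        'Server is not domain joined (DMZ host)'     = -not $cs.PartOfDomain
        "Primary DNS suffix equals $ExpectedSuffix"  = $tcpip.Domain -eq $ExpectedSuffix
        'Federation Service Proxy is installed'      = [bool]$proxy.Installed
        'Federation Service is NOT installed'        = -not $fedSvc.Installed
        '.NET Framework 3.5 Features are installed'  = [bool]$net35.Installed
        'Online Services Sign-In Assistant present'  = $null -ne $soa
        'Azure AD PowerShell module (MSOnline) found' = $null -ne $msol
    }

    # Emit one object per check so the result can be filtered or exported.
    foreach ($name in $checks.Keys) {
        New-Object psobject -Property @{ Check = $name; Passed = $checks[$name] }
    }
}

$results = Test-AdfsProxyPrep -ExpectedSuffix 'example.com'
$results | Format-Table Check, Passed -AutoSize

$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} check(s) failed; review the steps above." -f $failed.Count)
}
```

A failed "not domain joined" or "Federation Service is NOT installed" check is the one to act on first, since either means the DMZ host is carrying more trust than a proxy needs.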

 

Complete Series:

Getting to know the NEW Office 365

  1. Does Microsoft have FREE training for the NEW Office 365?
  2. Signing up for the NEW Office 365
  3. Adding and Verifying a Domain for the NEW Office 365
  4. Creating Cloud Users for the NEW Office 365
  5. Configuring Desktops for the NEW Office 365
  6. Exchange 2003 Cutover Migration to the NEW Office 365
  7. Exchange 2007 Cutover Migration to the NEW Office 365
  8. Setting up AD FS and Enabling Single Sign-On to the NEW Office 365
  9. Setting up AD FS Proxy Servers for Single Sign-On to the NEW Office 365
  10. Setting up Directory Synchronization with the NEW Office 365
  11. Activating and Licensing a Synchronized User in the NEW Office 365
  12. Testing Single Sign-on to the NEW Office 365
  13. Making the Single Sign-On Solution Highly Available
  14. Exchange Hybrid Deployment with the NEW Office 365

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP


4 thoughts on “Part 1 – Prepare the Local AD FS Proxy Server”

  1. Joey Biancardi

    You say that you log on to the ADFS server, are you referencing the ADFS proxy server or the actual ADFS server. It just doesn’t make much sense that you would install the Proxy role on the ADFS server. Am I just reading it wrong?
