Part 1 – Prepare the Local AD FS Server

Before we can federate with Office 365, we need to prepare and install the prerequisite accounts and software.


Create Service Account

Best practice is to install AD FS with a dedicated service account. This prevents the AD FS service from running under another user account, which eliminates a number of potential issues.


  1. Log in to your Domain Controller with an Administrator account


  2. Open Active Directory Users and Computers


  3. Create a Service Account for AD FS




  4. Add the service account to the local Administrators group on the AD FS server


Install AD FS Server Role


  1. Log in to the AD FS server with the AD FS service account


  2. Open Server Manager


  3. Click Manage


  4. Click Add Roles and Features


  5. Click Next


  6. Select Role-based or feature-based installation


  7. Click Next


  8. Select the local server


  9. Click Next


  10. Select Active Directory Federation Services


  11. Click Add Features; this will install the required features for AD FS


  12. Click Next


  13. Select .NET Framework 3.5 Features


  14. Click Next


  15. Click Next


  16. Select Federation Service (selected by default)


  17. Click Next


  18. Click Next


  19. Leave default selections for the Web Server Role (IIS)


  20. Click Next


  21. Click Install


  22. Install begins. You can close this window or leave it open to view the progress


    Installation completed


  23. Click Close


Install Sign-in Assistant


  1. Open Internet Explorer



  3. Click Download


  4. Click Desktop Setup


  5. Click Set up to start the Desktop Applications install


  6. Click Run


  7. Desktop Assistant is downloaded


  8. Click Run


  9. Sign in with a Global Administrator account for Office 365.


    I create a shared service account for use with AD FS and Directory Sync. This account does not need a license assigned and should be a tenant account ( Assign the account the Global Administrator role. Use this BLOG post for setting up the user.



  10. Desktop Applications setup starts


  11. Uncheck (if checked) Microsoft Outlook, Microsoft SharePoint and Microsoft Lync


  12. Click Continue


  13. Click Run


  14. Click I Accept


  15. Installing Microsoft Online Sign-In Assistant


  16. Click Finish


Install the Windows Azure Active Directory Module for Windows PowerShell



  2. Click Users and Groups


  3. Click Set up link beside Single Sign-On


  4. Choose Windows 64-bit Version


  5. Click Download


  6. Click Run


  7. Click Next


  8. Accept the License Agreement


  9. Click Next


  10. Choose an install path


  11. Click Next


  12. Click Install


  13. Click Finish


This completes setting up all the pre-required software for the AD FS server.
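
To confirm that the steps above took effect, a check like the following can be run in an elevated PowerShell session on the AD FS server. It is an added example, not part of the original post: the account name is a placeholder, and the feature names (ADFS-Federation, NET-Framework-Core, Web-Server), the MSOnline module name and the msoidsvc service name are assumptions that should be matched to the Windows Server release in use.

```powershell
# Added example: verifies the Part 1 prerequisites on the AD FS server.
# Assumptions (not from the original post): placeholder account name below;
# feature, module and service names as used on Windows Server 2012.
param(
    [string]$ServiceAccount = 'CONTOSO\svc-adfs'   # placeholder, replace with your account
)

Import-Module ServerManager
$results = @()

# 1. Service account is in the local Administrators group.
#    ADSI is used so the check also works on older PowerShell versions.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}
$wanted  = 'WinNT://' + $ServiceAccount.Replace('\', '/')
$results += New-Object psobject -Property @{
    Check = "Local Administrators contains $ServiceAccount"
    Pass  = [bool]($members | Where-Object { $_ -ieq $wanted })
}

# 2. AD FS role service, .NET Framework 3.5 and IIS are installed.
foreach ($name in 'ADFS-Federation', 'NET-Framework-Core', 'Web-Server') {
    $feature = Get-WindowsFeature -Name $name
    $results += New-Object psobject -Property @{
        Check = "Windows feature $name installed"
        Pass  = [bool]($feature -and $feature.Installed)
    }
}

# 3. Sign-in Assistant service is registered (service name is an assumption).
$svc = Get-Service -Name msoidsvc -ErrorAction SilentlyContinue
$results += New-Object psobject -Property @{
    Check = 'Sign-in Assistant service (msoidsvc) present'
    Pass  = [bool]$svc
}

# 4. Windows Azure AD module for PowerShell is available.
$results += New-Object psobject -Property @{
    Check = 'MSOnline PowerShell module available'
    Pass  = [bool](Get-Module -ListAvailable -Name MSOnline)
}

# Print a summary and return a non-zero exit code if anything is missing.
$results | Select-Object Check, Pass | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```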


Complete Series:

Getting to know the NEW Office 365

  1. Does Microsoft have FREE training for the NEW Office 365?
  2. Signing up for the NEW Office 365
  3. Adding and Verifying a Domain for the NEW Office 365
  4. Creating Cloud Users for the NEW Office 365
  5. Configuring Desktops for the NEW Office 365
  6. Exchange 2003 Cutover Migration to the NEW Office 365
  7. Exchange 2007 Cutover Migration to the NEW Office 365
  8. Setting up AD FS and Enabling Single Sign-On to the NEW Office 365
  9. Setting up AD FS Proxy Servers for Single Sign-On to the NEW Office 365
  10. Setting up Directory Synchronization with the NEW Office 365
  11. Activating and Licensing a Synchronized User in the NEW Office 365
  12. Testing Single Sign-on to the NEW Office 365
  13. Making the Single Sign-On Solution Highly Available
  14. Exchange Hybrid Deployment with the NEW Office 365

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP
