Part 1 – Prepare the Local AD FS Server

Before we can federate with Office 365, we need to prepare and install the prerequisite accounts and software.

 

Create Service Account

Best practices state that AD FS should be installed with a service account. This prevents the AD FS service from running under another user account, which eliminates a number of potential issues.

 

  1. Log in to your Domain Controller with an Administrator account

     

  2. Open Active Directory Users and Computers

     

  3. Create a Service Account for AD FS

     

     

     

  4. Add the service account to the local Administrators group on the AD FS server

 

Install AD FS Server Role

 

  1. Log in to the AD FS server with the AD FS service account

     

  2. Open Server Manager

     

  3. Click Manage

     

  4. Click Add Roles and Features

     

  5. Click Next

     

  6. Select Role-based or feature-based installation

     

  7. Click Next

     

  8. Select the local server

     

  9. Click Next

     

  10. Select Active Directory Federation Services

     

  11. Click Add Features. This installs the features that AD FS requires

     

  12. Click Next

     

  13. Select .NET Framework 3.5 Features

     

  14. Click Next

     

  15. Click Next

     

  16. Select Federation Service (selected by default)

     

  17. Click Next

     

  18. Click Next

     

  19. Leave default selections for the Web Server Role (IIS)

     

  20. Click Next

     

  21. Click Install

     

  22. The installation begins. You can close this window or leave it open to view the progress

     

    Installation completed

     

  23. Click Close
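
The Create Service Account and Install AD FS Server Role steps above can also be scripted. The following is an added example, not part of the original post; the domain, account name and OU are placeholders, and it assumes a Windows Server release that provides `Install-WindowsFeature` and the ActiveDirectory module.

```powershell
# Added example. $Domain, $SamName and $OuPath are placeholders, not values from the post.
$Domain  = 'CONTOSO'                                  # placeholder NetBIOS domain name
$SamName = 'svc-adfs'                                 # placeholder service account name
$OuPath  = 'OU=Service Accounts,DC=contoso,DC=com'    # placeholder OU

function New-AdfsServiceAccount {
    # Run on the domain controller (Create Service Account, steps 1-3).
    Import-Module ActiveDirectory
    # Prompt for the password so it never appears in the script or its history.
    $password = Read-Host -AsSecureString -Prompt "Password for $SamName"
    New-ADUser -Name $SamName -SamAccountName $SamName -Path $OuPath `
        -AccountPassword $password -Enabled $true `
        -Description 'AD FS service account'
}

function Add-AdfsServiceAccountToLocalAdmins {
    # Run on the AD FS server (Create Service Account, step 4).
    & net.exe localgroup Administrators "$Domain\$SamName" /add
    if ($LASTEXITCODE -ne 0) {
        throw "Could not add $Domain\$SamName to the local Administrators group"
    }
}

function Install-AdfsRole {
    # Run on the AD FS server (Install AD FS Server Role, steps 2-23).
    # Required dependencies are added automatically, as "Add Features" does in the wizard.
    # If the .NET 3.5 payload is not on disk, add -Source pointing at the installation media.
    $features = 'ADFS-Federation', 'NET-Framework-Core'
    $result = Install-WindowsFeature -Name $features -IncludeManagementTools
    if (-not $result.Success) { throw 'Feature installation failed' }

    # Confirm that both features now report as installed.
    $missing = Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed }
    if ($missing) { throw "Not installed: $($missing.Name -join ', ')" }

    if ($result.RestartNeeded -ne 'No') { Write-Warning 'A restart is required.' }
    $result
}

# On the domain controller:  New-AdfsServiceAccount
# On the AD FS server:       Add-AdfsServiceAccountToLocalAdmins; Install-AdfsRole
```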

 

Install Sign-in Assistant

 

  1. Open Internet Explorer

     

  2.  

  3. Click Download Software

     

  4. Click Desktop Setup

     

  5. Click Set up to start the Desktop Applications install

     

  6. Click Run

     

  7. Desktop Assistant is downloaded

     

  8. Click Run

     

  9. Sign in with a Global Administrator account for Office 365.

     

    I create a shared service account for use with AD FS and Directory Sync. This account does not need a license assigned and should be a tenant account (@domain.onmicrosoft.com). Assign the account the Global Administrator role. Use this BLOG post for setting up the user.

     

     

  10. Desktop Applications setup starts

     

  11. Uncheck (if checked) Microsoft Outlook, Microsoft SharePoint and Microsoft Lync

     

  12. Click Continue

     

  13. Click Run

     

  14. Click I Accept

     

  15. Installing Microsoft Online Sign-In Assistant

     

  16. Click Finish

 

Install the Windows Azure Active Directory Module for Windows PowerShell

 

  1.  

  2. Click Users and Groups

     

  3. Click the Set up link beside Single Sign-On

     

  4. Choose Windows 64-bit Version

     

  5. Click Download

     

  6. Click Run

     

  7. Click Next

     

  8. Accept the License Agreement

     

  9. Click Next

     

  10. Choose an install path

     

  11. Click Next

     

  12. Click Install

     

  13. Click Finish

 

This completes the setup of all the prerequisite software for the AD FS server.

 

Complete Series:

Getting to know the NEW Office 365

  1. Does Microsoft have FREE training for the NEW Office 365?
  2. Signing up for the NEW Office 365
  3. Adding and Verifying a Domain for the NEW Office 365
  4. Creating Cloud Users for the NEW Office 365
  5. Configuring Desktops for the NEW Office 365
  6. Exchange 2003 Cutover Migration to the NEW Office 365
  7. Exchange 2007 Cutover Migration to the NEW Office 365
  8. Setting up AD FS and Enabling Single Sign-On to the NEW Office 365
  9. Setting up AD FS Proxy Servers for Single Sign-On to the NEW Office 365
  10. Setting up Directory Synchronization with the NEW Office 365
  11. Activating and Licensing a Synchronized User in the NEW Office 365
  12. Testing Single Sign-on to the NEW Office 365
  13. Making the Single Sign-On Solution Highly Available
  14. Exchange Hybrid Deployment with the NEW Office 365

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps

Office 365 MVP
