After AD FS is implemented the servers will still need to be managed. Management tasks include maintaining the certificates and managing the WID roles. In the Managing your Server video, Sharon will demonstrate the PowerShell commands to switch the primary and secondary server WID roles and discuss the certificate life cycle.
- [Voiceover] The AD FS infrastructure…will have to be maintained which includes…managing the servers and certificate life cycles.…By default AD FS creates the X509 self signing certificate…that is used for securely signing all tokens…that the federation server in Office 365 will accept.…This certificate will be renewed automatically…and this is the recommended best practice.…The SSL certificate from the trusted third-party CA…will have to be managed and replaced before expiry.…
This can only be done on the primary AD FS Server…in the farm.…We're going to do this through the AD FS management console.…In order to manage our SSL certificate…we're going to do that through the Active Directory…federation service management console.…To access this console go to Tools,…AD FS Management.…Pop into the certificates folder and then we're…going to go ahead and select the Set Service…Communication certificate.…
A list of all of our communication certificates…will be presented.…We are looking for the certificate…that we acquired from the third-party trusted CA.…
Here, system admins will learn how to implement and manage federated identities for single sign-on in Office 365. Microsoft Certified Trainer Sharon Bennett shows how to plan for an Active Directory Federation Services (AD FS), install the AD FS role on Windows Server 2012 R2, and install and manage AD FS proxy servers.
Note: This training course maps to the Implement and Manage Federated Identities for SSO domain for Microsoft Certification exam 70-346.
- Planning for AD FS
- Sizing your infrastructure
- Configuring clients
- Installing the AD FS role
- Managing your servers
- Installing and configuring the AD FS proxy
- Tips for taking Microsoft Certification exam 70-346