To configure an Exchange Server 2013 hybrid deployment with Office 365 you need to have Active Directory Federation Services (AD FS) configured properly in your on-premise environment. The short series of articles about AD FS show you the easy steps to configure your AD FS deployment.
In preparation for a proper deployment of AD FS 2.1 with Windows Server 2012 we need to the following components ready:
- Third Party SSL Certificate
- Active Directory Service Account for the AD FS Service
The following steps describe the process of importing the required SSL certificate before the AD FS setup wizard is executed. The prerequisite for importing the SSL certificate you need to have the certificate exported as a PFX file.
Open a new MMC and add the Certificates Add-In for the local computer to the console. Afterwards use the import task to start the Certificate Import Wizard.
Click Next on the first page of the Certificate Import Wizard.
Select the PFX file and click Next.
Enter the password for the secured PFX file and make sure that the “Mark private key as exportable” is deselected. Click Next.
Make sure the selected certificate store is Personal. Click Next.
Verify the displayed details and click Finish to import the SSL certificate.
The required service account is being setup as a default service domain user in the appropriate organizational unit. The account itself will be configured during AD FS setup.
Now all prerequisites are met to install and configure AD FS.
After preparing the prerequisites in the first section of this article. We now turn our attention to the installation of the Active Directory Federation Services (AD FS) Server Role on Windows Server 2012.
Open the Server Manager Dashboard and click the Add roles and features link
Click Next in the following step, but notice the fact the you can Start the Remove Roles and Features Wizard, after you have chosen to add a role or feature.
Select Role-based or feature-based installation and click Next.
As we are adding a server role to the current server select Select a server from the server pool, make sure that the current server is selected and click Next.
Select Active Directory Federation Services from the available roles list.
After selecting the role a pop-up window will be displayed automatically to add required role services or features. Leave the selection as-is and click Add Features.
After you have been returned to the Server Roles step click Next.
Do not select any additional features in the next step, just click Next.
Click Next to skip the initial AD FS step.
Select the Federation Service, the AD FS 1.1 Web Agents, the AD FS 1.1 Claims-aware Agent and click Next.
Click Next to skip the initial Web Server Role stop.
Do not change the preselected IIS Role services and click Next.
Verify the installation selection and click Install to start the installation of the AD FS role services.
After the successful installation click Close.
After adding the AD FS role to Windows Server 2012 you will notice a warning sign in the Server Manager task list.
Currently we have just added the AD FS role service, but we have not configured AD FS. This will be described in the next article of the series.
Links