Add a federation server to the federation server farm in Windows Server 2012 R2


After you install the Active Directory Federation Service (AD FS) role service on your computer running Windows Server 2012 R2, you are ready to configure this computer to become a federation server.

You can complete the following procedures to add this computer as a federation server to an existing federation server farm.

Important
Make sure that you have obtained a valid SSL server authentication certificate before you complete this procedure. For more information, see Review the requirements for deploying AD FS.

  1. On the Server Manager Dashboard page, click the Notifications flag, and then click Configure the federation service on the server.

    The Active Directory Federation Service Configuration Wizard is launched.

  2. On the Welcome page, select Add a federation server to a federation server farm and click Next.

  3. On the Connect to AD DS page, specify an account with domain administrator permissions for the AD domain that this computer is joined to and then click Next.

  4. On the Specify Farm page, provide the name of the primary federation server in a farm using WID or specify the database host name and the database instance name of an existing federation server farm using SQL.

    Warning
    In , there is a workaround for specifying the SQL server default instance. The workaround is to not use the user interface. Instead, use the steps in To configure the first federation server in a new federation server farm via Windows PowerShell.

  5. On the Specify SSL Certificate page, import the .pfx file containing the SSL certificate and key that you have obtained earlier. This is the required service authentication certificate. As stated in the ‘Certificate Requirements’ section of Review the requirements for deploying AD FS you must obtain this certificate and copy it onto the computer that you want to configure as a federation server. To import the .pfx file via the wizard, click Import and browse to the file’s location. Specify the password for the .pfx file when prompted.

  6. On the Specify Service Account page, specify the same service account that you configured when you created the first federation server in the farm. You can use an existing group Managed Service Account or an existing domain user account.

    Important
    The account you specify must be the same account as the one that was used on the primary federation server in this farm.

  7. On the Review Options page, verify your configuration selections and click Next.

  8. On the Pre-requisite Checks page, verify that all pre-requisite checks were successfully completed, and then click Configure.

  9. On the Results page, review the results and whether the configuration has completed successfully, and then click Next steps required for completing your federation service deployment. For more information, see Next steps for completing your AD FS installation. Click Close to exit the wizard.

You can add a federation server to an existing farm using either an existing gMSA or an existing domain user account.

  • If you want to join a federation server to a farm using an existing gMSA account, do the following:

    1. On the computer that you want to configure as a federation server, make sure that the required SSL certificate has been imported into the Local Computer\My Store. You can verify whether the SSL certificate has been imported by running the following command in the Windows PowerShell command window: dir Cert:\LocalMachine\My. The certificate is listed by its thumbprint in the Local Computer\My Store.
    2. On the computer that you want to configure as a federation server, open the Windows PowerShell command window, and run the following command:

      Add-AdfsFarmNode -GroupServiceAccountIdentifier <domain>\<GMSA_name>$ -PrimaryComputerName <first_federation_server_hostname> -CertificateThumbprint <certificate_thumbprint>

      <domain>\<GMSA_name> is your AD domain and the name of your GMSA account in that domain. <first_federation_server_hostname> is the hostname of the primary federation server in this existing farm. 

      You can obtain the value for <certificate_thumbprint> by running dir Cert:\LocalMachine\My in the above step.

      Note
      If this is NOT the first time you run this command, add -OverwriteConfiguration.

      Note
      The command above creates a WID farm node. If you want to create a SQL server farm node, you must have the SQL server already installed and operational.

      You can use the following command to add a federation server to an existing farm using SQL server: Add-AdfsFarmNode -GroupServiceAccountIdentifier <domain>\<GMSA_name>$ -SQLConnectionString "Data Source=<SQL_Host_Name>\<SQL_instance_name>;Integrated Security=True" where SQL_Host_Name is the name of the server on which SQL server is running, and SQL_instance_name is the name of the SQL instance. If you are using the default SQL Server instance, use a SQLConnectionString value of "Data Source=<SQL_Host_Name>;Integrated Security=True".

  • If you want to join a federation server to a farm using an existing domain user account, do the following:

    1. On the computer that you want to configure as a federation server, open the Windows PowerShell command window and run the following command: $fscred = get-credential. Enter the domain user account credentials that you want to use for the federation service account in the format domain\username.
    2. On the computer that you want to configure as a federation server, make sure that the required SSL certificate has been imported into the Local Computer\My Store. You can verify whether the SSL certificate has been imported by running the following command in the Windows PowerShell command window: dir Cert:\LocalMachine\My. The certificate is listed by its thumbprint in the Local Computer\My Store.
    3. In the same Windows PowerShell command window, run the following command:

      Add-AdfsFarmNode -ServiceAccountCredential $fscred -PrimaryComputerName <first_federation_server_hostname> -CertificateThumbprint <certificate_thumbprint>

      Note
      If this is NOT the first time you run this command, add -OverwriteConfiguration.

      Note
      The command above creates a WID farm node. If you want to create a SQL server farm node, you must have the SQL server already installed and operational. You can use the following command to add a federation server to an existing farm using SQL server: Add-AdfsFarmNode -ServiceAccountCredential $fscred -SQLConnectionString "Data Source=<SQL_Host_Name>\<SQL_instance_name>;Integrated Security=True" where SQL_Host_Name is the name of the server on which SQL server is running, and SQL_instance_name is the name of the SQL instance. If you are using the default SQL Server instance, use a SQLConnectionString value of "Data Source=<SQL_Host_Name>;Integrated Security=True".


Source: https://msdn.microsoft.com/en-us/library/azure/dn528858.aspx
