When you add more than one account store to your Active Directory Federation Services (AD FS) configuration, account-store priority determines the order in which AD FS uses account stores. AD FS attempts to authenticate users beginning with the first account store. Only when authentication fails for a user does AD FS attempt to authenticate the user with the next account store in the priority list. AD FS tries to authenticate a user until the user is successfully authenticated or until all account stores have been tried. AD FS stops trying additional account stores as soon as one account store successfully authenticates a user.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
You can use the following procedure to configure the account store priority.
|
To configure the account store priority |
-
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
-
In the console tree, double-click Federation Service, Trust Policy, and My Organization.
-
Right-click Account Stores, and then click Store Priority.
-
In the Account Store Prioritization dialog box, select an account store, use the Up and Down buttons to move the account store in the priority list, and then click OK.