Active Directory Federation Services (AD FS) is tightly integrated with Active Directory Domain Services (AD DS). When your AD FS configuration uses AD DS as an account store, AD FS retrieves user attributes from AD DS and authenticates users against AD DS. AD FS also uses Windows Integrated Authentication and the security tokens that AD DS creates.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
You can use the following procedure to add an AD DS account store to your AD FS configuration.
|To add an AD DS account store|
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
In the console tree, double-click Federation Service, Trust Policy, and My Organization.
Right-click Account Stores, point to New, and then click Account Store.
On the Welcome to the Add Account Store Wizard page, click Next.
On the Account Store Type page, click Active Directory Domain Services (AD DS), and then click Next.
You can have only one AD DS store that is associated with a Federation Service. If the Active Directory Domain Services option is not available, it is because an AD DS store has already been created for this Federation Service.
If you do not want to enable this account store now, on the Enable this Account Store page, clear the Enable this account store check box, and then click Next.
To add the new account store and close the wizard, click Finish.