Server name or IP address—Provides a space for you to type the name or IP address of the Active Directory Lightweight Directory Services (AD LDS) server.

Port number—Provides a space for you to type the TCP/IP port number for the account service. You can also click the up or down arrows to select a new setting. The default port number is 389.

Search base distinguished name—Provides a space for you to type the base distinguished name for the search. If you specify the base distinguished name, searches are performed on the specified subtree. Otherwise, the entire directory tree is searched.

Search timeout (in seconds)—Indicates the maximum time that the Federation Service waits for a response from the AD LDS server before timing out the connection. The default search time-out period is five seconds.

User name attribute—Provides a space for you to type the name of the attribute that AD FS uses to locate the user's object in the AD LDS store. Clients log on through the client logon Web page by providing a user name and password. Active Directory Federation Services (AD FS) searches for the object whose user name attribute value matches the user name that the client provided, and then binds to that object with the password that the client provided.

Enable TLS/SSL protocols—Specifies whether Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols are enabled or disabled. Select the check box to enable these protocols. Clear the check box to disable these protocols.

If TLS/SSL is enabled for the AD LDS account store properties in the trust policy, the user credentials are protected in transit. If it is disabled, the LDAP simple bind that AD FS performs on the user's behalf sends the user's password to the AD LDS server in clear text.

We strongly recommend that the traffic between the AD LDS server and the federation server be protected by TLS/SSL or by other means, such as Internet Protocol security (IPsec).
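The following PowerShell function is an added example, not code from the AD FS documentation or from Microsoft. It reproduces the search-then-bind logon that the settings above describe, using the System.DirectoryServices.Protocols API, so that each property can be seen in use: server and port, search base DN, search timeout, user name attribute, and the TLS/SSL switch. The function names, the use of a separate service account for the initial search, and the choice of STARTTLS on the LDAP port are assumptions of this example; server names, DNs and account names are placeholders.

```powershell
# Added example, not part of the AD FS documentation. Function names, the service
# account used for the initial search, and STARTTLS on port 389 are assumptions.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterLiteral {
    # RFC 4515 escaping so a user-typed logon name cannot change the search filter
    # (for example "*" or ")(objectClass=*" submitted on the logon page).
    param([string] $Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
}

function Test-AdLdsLogon {
    param(
        [Parameter(Mandatory)] [string] $Server,                  # Server name or IP address
        [int]          $Port = 389,                               # Port number
        [string]       $SearchBaseDn = '',                        # Search base distinguished name ('' = entire tree)
        [int]          $SearchTimeoutSeconds = 5,                 # Search timeout (in seconds)
        [string]       $UserNameAttribute = 'userPrincipalName',  # User name attribute
        [bool]         $EnableTls = $true,                        # Enable TLS/SSL protocols
        [Parameter(Mandatory)] [pscredential] $ServiceAccount,    # assumed: account that performs the search
        [Parameter(Mandatory)] [string] $UserName,                # what the client typed on the logon page
        [Parameter(Mandatory)] [securestring] $Password
    )

    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind
    $timeout = [TimeSpan]::FromSeconds($SearchTimeoutSeconds)
    $conn.Timeout = $timeout

    try {
        if ($EnableTls) {
            # Upgrade the session before any bind so neither password crosses the network
            # in clear text. For an LDAPS port (636) set
            # $conn.SessionOptions.SecureSocketLayer = $true instead.
            $conn.SessionOptions.StartTransportLayerSecurity($null)
        }

        # Step 1: find exactly one object whose user name attribute matches the client input.
        $conn.Bind($ServiceAccount.GetNetworkCredential())
        $filter  = "($UserNameAttribute=$(ConvertTo-LdapFilterLiteral $UserName))"
        $request = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $SearchBaseDn, $filter,
            [System.DirectoryServices.Protocols.SearchScope]::Subtree,
            [string[]]('distinguishedName'))
        $request.TimeLimit = $timeout
        $response = $conn.SendRequest($request, $timeout)
        if ($response.Entries.Count -ne 1) {
            # No match, or an ambiguous attribute value: refuse rather than pick one.
            return $false
        }
        $userDn = $response.Entries[0].DistinguishedName

        # Step 2: bind as the located object with the password the client supplied.
        try {
            $conn.Bind((New-Object System.Net.NetworkCredential($userDn, $Password)))
            return $true
        }
        catch [System.DirectoryServices.Protocols.LdapException] {
            return $false   # invalid credentials
        }
    }
    finally {
        $conn.Dispose()
    }
}

# Usage with placeholder values:
# $svc = Get-Credential 'CN=adfs-svc,OU=ServiceAccounts,O=Contoso'
# $pw  = Read-Host -AsSecureString 'Password'
# Test-AdLdsLogon -Server adlds01.contoso.com -SearchBaseDn 'OU=Users,O=Contoso' `
#     -ServiceAccount $svc -UserName 'alice@contoso.com' -Password $pw
```

Two points are worth checking in your own deployment. Server certificate validation is left at the API default, so the AD LDS certificate must chain to a root the federation server trusts; disabling that check would leave the TLS session open to interception. The search insists on exactly one matching entry because the attribute you choose as the user name attribute must be unique in the searched subtree; if it is not, an attacker who can create an object with a colliding value could be authenticated in place of the intended user.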

Additional references