Add an Attribute Store

Applies To: Active Directory Federation Services (AD FS) 2.0

User accounts and computer accounts that require access to a resource that is protected by Active Directory Federation Services (AD FS) 2.0 are stored in an attribute store, such as Active Directory Domain Services (AD DS). The claims issuance engine uses attribute stores to gather data that is necessary to issue claims. Data from the attribute stores is then projected as claims.

You can use the following procedure to add an attribute store to the Federation Service.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To add an attribute store

  1. Click Start, point to Programs, point to Administrative Tools, and then click AD FS 2.0 Management.

  2. Under the AD FS 2.0\Trust Relationships folder, right-click Attribute Stores, and then click Add an attribute store.

  3. In the Add an attribute store dialog box, configure the following properties for the attribute store that you want to add:

    • In Display name, type the name that you want to use to identify the attribute store.

    • In Attribute store type, select a supported attribute store type: Active Directory, LDAP, or SQL.

    • In Connection string, if you have selected either a Lightweight Directory Access Protocol (LDAP) store or a Structured Query Language (SQL) store, enter the string that you used to establish a connection to the attribute store. For Active Directory attribute stores, no connection string is necessary; therefore, this field is disabled.

Note

By default, AD FS 2.0 automatically creates an Active Directory attribute store.

  4. Click OK.
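
The same procedure can be scripted with the AD FS 2.0 Windows PowerShell snap-in. The following is an added example, not part of the original topic: the helper name Add-FsAttributeStore, the server and database names, and the "name" and "Connection" configuration keys are assumptions, so compare the keys with the Get-ADFSAttributeStore output for a store created in the console before relying on them.

```powershell
# Added example (not from the original topic). Run elevated on the federation server.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

function Add-FsAttributeStore {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$DisplayName,
        [Parameter(Mandatory = $true)][ValidateSet('ActiveDirectory', 'LDAP', 'SQL')][string]$StoreType,
        [string]$ConnectionString
    )

    # Same rule as the dialog box: Active Directory takes no connection string; LDAP and SQL need one.
    if ($StoreType -eq 'ActiveDirectory' -and $ConnectionString) {
        throw 'Active Directory attribute stores do not take a connection string.'
    }
    if ($StoreType -ne 'ActiveDirectory' -and -not $ConnectionString) {
        throw "A connection string is required for $StoreType attribute stores."
    }

    # AD FS 2.0 creates an Active Directory store by default, so check for an existing name first.
    $existing = Get-ADFSAttributeStore | Where-Object { $_.Name -eq $DisplayName }
    if ($existing) {
        Write-Warning "Attribute store '$DisplayName' already exists; nothing added."
        return $existing
    }

    $params = @{ Name = $DisplayName; StoreType = $StoreType }
    if ($ConnectionString) {
        # Assumption: 'name' and 'Connection' are the configuration keys used by the
        # built-in LDAP and SQL store types.
        $params.Configuration = @{ name = $DisplayName; Connection = $ConnectionString }
    }
    if ($PSCmdlet.ShouldProcess($DisplayName, "Add $StoreType attribute store")) {
        Add-ADFSAttributeStore @params
        Get-ADFSAttributeStore | Where-Object { $_.Name -eq $DisplayName }
    }
}

# Constructed sample values: the server and database names are placeholders.
# Integrated Security keeps a password out of the stored connection string.
Add-FsAttributeStore -DisplayName 'HR SQL Store' -StoreType SQL `
    -ConnectionString 'Server=sql01.example.com;Database=HRClaims;Integrated Security=True' -WhatIf
```

Remove -WhatIf to create the store; the function then returns the new store object so that its type and configuration can be reviewed.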

Additional references

Checklist: Configuring the Account Partner Organization

The Role of Attribute Stores