Configure resource account options
Updated: September 13, 2007
Applies To: Windows Server 2003 R2
By adjusting resource account options in the resource Federation Service, resource partner administrators can refine how access control for federated users is administered and delegated on an account partner–by–account partner basis. Use the following procedure to adjust resource account options .
|We recommend that you first review information about each resource account option before you modify the default resource account setting. For more information about resource account options, see Select the optimal resource account option.|
Perform this procedure on a resource federation server.
To complete this procedure, you must be a member of the Administrators group on the local computer.
To configure resource account options
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, and then double-click Account Partners.
Right-click the account partner whose resource account behavior you want to change, and then click Properties.
Click the Resource Accounts tab.
Select one of the following options for using resource accounts for this account partner, and then click OK:
Resource accounts exist for all users (Resource group claim mappings are not checked.)
Resource accounts exist for some users (prefer resource account) (First, check for resource accounts. If they do not exist, use the resource groups in the token.)
Resource accounts exist for some users (prefer groups in token) (First, process resource groups in tokens. If none exist, check for resource accounts.)
No resource accounts exist for this account partner (Check only for resource groups in tokens.)
- Resource accounts exist for all users (Resource group claim mappings are not checked.)