Checklist: Configuring Both Sides of a Federated Trust Using Export/Import

Applies To: Windows Server 2008

By using the export/import features that are included with Active Directory Federation Services (AD FS) in Windows Server 2008, administrators can simply export their trust policy settings to an .xml file and then send that file to the partner administrator. This exchange of partner policy files provides all the uniform resource identifiers (URIs), claim types, claim mappings, other values, and the verification certificates that are necessary to create a federated trust between the two partner organizations.

This checklist includes tasks for deploying AD FS partners by using the export/import functionality in Windows Server 2008. It also includes tasks for configuring the components that are required to establish both sides of a working federation partnership.

Note

Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

Checklist: Deploying partner organizations using export/import

Task: Review the important changes to AD FS since the Windows Server 2003 R2 release, including the improved trust establishment that the new export/import feature provides.
Reference: What's New in AD FS in Windows Server 2008 (https://go.microsoft.com/fwlink/?LinkId=85684)

Task: Determine which partner organization will initiate the export/import policy process. The administrator who begins this process must follow the export procedure listed under Reference.
  Only one partner needs to follow this procedure. For example, if the administrator at Adatum Corporation is initiating the process, the administrator at Trey Research does not have to run it.
Reference: Export the Trust Policy of a Partner Organization

Task: If you are the partner organization that receives the exported trust policy from the administrator who initiated the export, complete whichever of the two import procedures listed under Reference matches your role. After this procedure is completed, one side of the federation trust is established.
  Only one partner has to follow either of these procedures. For example, if the administrator at Trey Research (the resource partner) receives the policy file from the administrator at Adatum (the account partner), only the Trey Research administrator runs the procedure "Add a New Account Partner by Importing an Existing Policy File."
Reference: Add a New Account Partner by Importing an Existing Policy File
Reference: Add a New Resource Partner by Importing an Existing Policy File

Task: After the administrator who received the exported policy file has completed the import by using the applicable new partner wizard, that same administrator must export their own partner policy file by using the procedure listed under Reference.
Reference: Export the Partner Policy of a Partner Organization

Task: To create both sides of the federated trust, the administrator who originally initiated the export/import policy process must now take the partner policy file that was exported in the previous task and use it to add a new partner organization, by using whichever procedure listed under Reference matches the partner's role. After this procedure is completed, both sides of the federation trust are established and secure federated communications can take place.
Reference: Add a New Account Partner by Importing an Existing Policy File
Reference: Add a New Resource Partner by Importing an Existing Policy File
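As an added example (not part of the original checklist or of the AD FS product), the following PowerShell script inspects the certificates embedded in a received policy .xml file and checks that the thumbprint of the verification certificate matches the value the partner administrator sent out of band, so a tampered or mis-sent file is caught before the import wizard is run. It assumes Windows PowerShell 3.0 or later and that certificates are embedded as base64-encoded DER in element text, as XML Digital Signature X509Certificate elements carry them; it does not rely on any AD FS-specific element names, which this page does not describe.

```powershell
# Added example: list certificates found in a received AD FS policy file and confirm
# the expected verification certificate thumbprint is present before importing.
# Assumptions (not from the page): certificates appear as base64 DER in leaf elements.
param(
    [Parameter(Mandatory = $true)][string]$PolicyFile,
    [Parameter(Mandatory = $true)][string]$ExpectedThumbprint   # obtained from the partner out of band
)

[xml]$doc = Get-Content -Path $PolicyFile -Raw      # also proves the file is well-formed XML

$found = @()
foreach ($node in $doc.SelectNodes('//*[not(*)]')) { # leaf elements only
    $text = ($node.InnerText -replace '\s', '')
    if ($text.Length -lt 200) { continue }           # too short to be a certificate
    try { $bytes = [Convert]::FromBase64String($text) } catch { continue }
    try {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,$bytes)
    } catch { continue }                             # base64 that is not a certificate
    $found += $cert
}

if ($found.Count -eq 0) {
    Write-Warning "No certificates found in $PolicyFile; the file may be incomplete."
    exit 2
}

# Normalize the thumbprint the partner gave you (strip colons/spaces, upper-case hex).
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$match = $false
foreach ($cert in $found) {
    $status = if ($cert.Thumbprint -eq $expected) { $match = $true; 'MATCH' } else { 'other' }
    '{0,-6} {1} {2} (expires {3:u})' -f $status, $cert.Thumbprint, $cert.Subject, $cert.NotAfter
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate $($cert.Thumbprint) has already expired."
    }
}
if (-not $match) {
    Write-Error "Expected thumbprint $expected is not in $PolicyFile; do not import it."
    exit 1
}
```

Run it as .\Check-PolicyFile.ps1 -PolicyFile .\partner-policy.xml -ExpectedThumbprint '<value from partner>' and only proceed with the import wizard when it reports MATCH and exits with code 0.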