Add an ADAM account store

Applies To: Windows Server 2003 R2

If you use multiple Active Directory Application Mode (ADAM) stores for user accounts that require access to one or more Web applications that are protected by Active Directory Federation Services (ADFS), you can add the ADAM account stores to the Federation Service.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To add an ADAM account store

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, right-click Account Stores, point to New, and then click Account Store.

  3. On the Welcome to the Add Account Store Wizard page, click Next.

  4. On the Account Store Type page, ensure that Active Directory Application Mode (ADAM) is selected, and then click Next.

  5. On the ADAM Store Details page, in Account store display name, type the name of the ADAM account store as you want it to be displayed in the Active Directory Federation Services snap-in user interface (UI).

  6. In Account store URI, type the Uniform Resource Identifier (URI) for the ADAM account store, and then click Next.

    Note

    The account store URI uniquely identifies the ADAM instance among multiple ADAM account stores.

  7. On the ADAM Server Settings page, do the following, and then click Next:

    1. In ADAM server name or IP address, type the name or IP address of the ADAM server.

    2. In Port number, type the TCP/IP port number for the account service. Accept the default of 389 unless Active Directory is installed on the same server, in which case you must use a different port.

    3. In LDAP search base distinguished name, type the distinguished name of the ADAM instance.

    4. In User name LDAP attribute, type the name of the user name attribute that users provide during logon (for example, userPrincipalName or sAMAccountName).

  8. On the Identity Claims page, select one or more identity claims that will be provided by the account store, and then click Next:

    1. If the account store provides user principal name (UPN) identity claims, select the User Principal Name (UPN) check box, and then type the Lightweight Directory Access Protocol (LDAP) attribute name to which UPN identity claims map (the attribute whose value is the user's UPN, usually userPrincipalName).

    2. If the account store provides e-mail identity claims, select the E-mail check box, and then type the LDAP attribute name to which e-mail identity claims map (the attribute whose value is the user's e-mail name, usually userPrincipalName).

    3. If the account store provides a common name identity claim, select the Common Name check box, and then type the LDAP attribute name to which the common name identity claim maps (the attribute whose value is the user's common name, usually displayName).

  9. On the Enable this Account Store page, ensure that the Enable this account store check box is selected, and then click Next.

  10. On the Completing the Add Account Store Wizard page, click Finish.
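The following added example is not part of the original procedure or of ADFS. It checks the values planned for several ADAM account stores before they are typed into the wizard: account store URI uniqueness, the port 389 conflict with Active Directory, the syntax of the search base distinguished name, and the LDAP attribute names. The dictionary keys, the `urn:example:` URIs and the store names are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# LDAP attribute names: a letter, then letters, digits or hyphens (RFC 4512).
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*\Z")

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        escaped = ch == "\\" and not escaped
    return parts + ["".join(current)]

def preflight(stores):
    """Return the problems found in the values planned for the wizard."""
    problems, seen_uris = [], set()
    for s in stores:
        name = s["display_name"]
        if not urlparse(s["uri"]).scheme:
            problems.append(f"{name}: account store URI has no scheme")
        if s["uri"] in seen_uris:
            problems.append(f"{name}: account store URI is not unique")
        seen_uris.add(s["uri"])
        if s["port"] == 389 and s["ad_on_same_server"]:
            problems.append(f"{name}: port 389 is used by Active Directory")
        for rdn in split_rdns(s["search_base"]):
            attr, sep, value = rdn.strip().partition("=")
            if not (sep and ATTR_RE.match(attr.strip()) and value.strip()):
                problems.append(f"{name}: bad search base part {rdn.strip()!r}")
        for field, attr in [("user name", s["user_name_attr"]), *s["claims"].items()]:
            if not ATTR_RE.match(attr):
                problems.append(f"{name}: bad {field} attribute {attr!r}")
    return problems

# Constructed plan; the second store contains four deliberate mistakes.
PLAN = [
    {"display_name": "HR ADAM", "uri": "urn:example:adam:hr", "port": 389,
     "ad_on_same_server": False, "search_base": "OU=Staff,O=Example\\, Inc",
     "user_name_attr": "userPrincipalName",
     "claims": {"UPN": "userPrincipalName", "Common Name": "displayName"}},
    {"display_name": "Partner ADAM", "uri": "urn:example:adam:hr", "port": 389,
     "ad_on_same_server": True, "search_base": "Partners,O=Example",
     "user_name_attr": "sAMAccountName", "claims": {"E-mail": "user principal name"}},
]
print(*preflight(PLAN), sep="\n")
```

The check covers syntax only; it does not contact the ADAM server, so it cannot confirm that the search base or the attributes exist in the instance.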

See Also

Concepts

Add an Active Directory account store