Export (0) Print
Expand All

Step 5: Configure a federation server with Device Registration Service

Published: June 24, 2013

Updated: June 24, 2013

Applies To: Windows Server 2012 R2



You can enable Device Registration Service (DRS) on your federation server after you complete Step 4: Configure a Federation Server. The Device Registration Service provides an onboarding mechanism for single sign-on (SSO) and conditional access to consumers that need access to on-premises company resources. For more information about DRS, see Join to Workplace from Any Device for SSO and Seamless Second Factor Authentication Across Company Applications.

noteNote
You must be logged in with domain administrator permissions in order to complete this procedure.

  1. Open a PowerShell command window and type:

    Enable-AdfsDeviceRegistration –PrepareActiveDirectory
    
  2. When prompted for a service account, enter the name of the group Member Service Account (gMSA) you selected as the service account for AD FS.

    If it is a gMSA account, enter the account in the domain\gMSA$ format. For a domain account, use the format domain\accountname.

  3. Next run the following cmdlet to enable Device Registration Service on each node in the AD FS farm: Enable-AdfsDeviceRegistration.

    You should see a message about device registration being successful.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

Show:
© 2014 Microsoft