Complete the Add Account Store Wizard
Applies To: Windows Server 2003 R2
You can use the Add Account Store Wizard to add new Active Directory account stores and Active Directory Application Mode (ADAM) account stores to a Federation Service trust policy. New account stores are added to the end of the account store lists by default. Account stores are used to authenticate users and provide user identity information to Active Directory Federation Services.
Create an Active Directory account store
You can use the following procedure to create an Active Directory account store.
To create an Active Directory account store
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
In the console tree, double-click Federation Service, Trust Policy, and My Organization.
Right-click Account Stores, point to New, and then click Account Store.
On the Welcome to the Add Account Store Wizard page, click Next.
On the Account Store Type page, click Active Directory, and then click Next.
Note
You can have only one Active Directory store that is associated with a Federation Service. If the Active Directory option is not available, it is because an Active Directory store has already been created for this Federation Service.
If you do not want to enable this account store now, on the Enable this Account Store page, clear the Enable this account store check box, and then click Next.
To add the new account store and close the wizard, click Finish.
Create an ADAM account store
You can use the following procedure to create an ADAM account store.
To create an ADAM account store
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
In the console tree, double-click Federation Service, Trust Policy, and My Organization.
Right-click Account Stores, point to New, and then click Account Store.
On the Welcome to the Add Account Store Wizard page, click Next.
On the Account Store Type page, click Active Directory Application Mode (ADAM), and then click Next.
On the ADAM Store Details page, do the following, and then click Next:
In Account store display name, type the friendly name of the account store.
In Account store URI, type the Uniform Resource Identifier (URI) for the ADAM account store.
On the ADAM Server Settings page, do the following, and then click Next:
In ADAM server name or IP address, type the name or Internet Protocol (IP) address of the ADAM server.
In Port number, type the TCP/IP port number for the account service.
In LDAP search base distinguished name, type the distinguished name, for example, DC=adatum,DC=com.
In User name LDAP attribute, type the name of the user name attribute, for example, userPrincipalName.
On the Identity Claims page , select one or more identity claims that will be provided by the account store, and then click Next:
If the account store provides UPN identity claims, select the User Principal Name (UPN) check box, and then type the Lightweight Directory Access Protocol (LDAP) attribute name.
If the account store provides e-mail identity claims, select the E-mail check box, and then type the LDAP attribute name.
If the account store provides common name identity claims, select the Common name check box, and then type the LDAP attribute name.
If you do not want to enable this account store now, on the Enable this Account Store page, clear the Enable this account store check box, and then click Next.
To add the new account store and close the wizard, click Finish.