Exportieren (0) Drucken
Alle erweitern

How to Set Up the AD FS 2.0 VM Lab Environment for Federated Collaboration

Letzte Aktualisierung: Mai 2010

Betrifft: Active Directory Federation Services (AD FS) 2.0

This document is intended for developers and system architects who are interested in completing the walkthrough demonstration of the features, functionality, and interoperability capabilities of AD FS 2.0 and Windows Identity Foundation (WIF).

About This Guide

This guide provides instructions for setting up federated identity technologies in a small test lab with servers running the Windows Server 2008 operating system. It explains how to install and configure all settings and prerequisite software necessary to create the four virtual machine (VM) images that you need to have available so that you can complete all the steps in the following guide:

While you can download VM images that are preconfigured for trial use, this guide assists you if you choose to make the images yourself. The overall goal of this guide is to give you a good understanding of the base configuration requirements necessary to deploy and enable AD FS 2.0 technologies in your environment.

To maximize your chances of completing the objectives of this guide successfully, it is important that you do all of the following:

  • Complete the steps in this guide in the order in which they are presented.

  • Use the exact IP addresses that this guide specifies.

  • Use the exact computer, user, group, company, claim, and domain names that this guide specifies.

Any modifications that you make to the configuration details in this guide may affect or limit your chances of setting up this lab successfully on the first try.

Microsoft has tested this guide successfully with the Windows Server 2008 Hyper-V™ virtualization technology product.

The instructions in this guide take approximately four hours to complete.

What this guide does not provide

This guide does not provide the following information:

  • Guidance for setting up and configuring AD FS 2.0 for federation in a production environment.

  • Instructions for setting up and configuring a Verbundserverproxy

  • Instructions for setting up the test lab computer (Hardware and software requirements are listed in the following section, however.)

  • Instructions for making your own base virtual hard drive (.vhd) images.


To complete all the steps in this guide, you must have a virtual test lab computer where you can configure four virtual machines (VMs) running the Windows Server® 2008 R2 Enterprise operating system.

Your virtual test lab computer must be able to meet the minimum requirements in the following table.



64-bit quad core with 2.0 gigahertz (GHz) or higher CPU speed

Operating system

Windows Server 2008 R2 Enterprise


8 GB or higher

Disk drive

80 GB or more of available space

Additional software

The following server role must be added:

  • Microsoft Hyper-V

Other devices

CD-ROM or ROM drive

High resolution monitor (1024x768 or higher)

Keyboard and Microsoft mouse or compatible pointing device

Administrative credentials

To perform all the tasks in this guide, use the local Administrator account for each computer, unless instructed otherwise. To create accounts in Active Directory Domain Services (AD DS), log on with the Administrator account for the domain. For example, when you create user accounts for Contoso Pharmaceuticals, use the CONTOSO\Administrator account.

About the lab environment

For the virtual test lab environment, create four VMs. Each of the VMs that you create and configure can be used later to accomplish scenario tasks in which you implement and evaluate a claims-based federated identity solution as described in the Federated Document Collaboration with Microsoft Office SharePoint Server 2007 and AD FS 2.0 (http://go.microsoft.com/fwlink/?LinkId=148503) guide. To set up the test lab to accomplish the goals in that guide, follow the steps in order as described in the following tables to establish a working test lab environment.


Step Step title Description

Step 1: Create and Configure VMs Using Hyper-V Manager

Create and Configure VMs using Hyper-V Manager

This step demonstrates the information technology (IT) pro experience for creating a virtual test lab environment for the purpose of evaluating federated identity technologies.

Step 2: Download and Install Prerequisite Software

Download Prerequisite Software

This step provides details about the software dependencies and applications that are required for updating each of the virtual servers and the virtual client so that you can use them to support the AD FS 2.0 test lab environment that you will need to emulate a business-to-business (B2B) federated identity configuration.

Step 3: Reconfigure the IP and DNS Settings for All VMs

Reconfigure the IP and DNS Settings for all VMs.

This step demonstrates the network changes involved in reconfiguring network settings for the VMs to move from VM setup to the settings that are required for the private network that you will need for the virtual test lab.

Step 4: Install and Configure AD DS

Install and Configure Active Directory Domain Services (AD DS)

This step demonstrates the underlying configuration requirements for installing and configuring AD DS to be used by two separate companies that are involved in a B2B scenario.

Step 5: Install and Configure IIS, Certificates, and Group Policy

Install and Configure IIS, Certificates and Group Policy

This step demonstrates the underlying configuration requirements for installing and configuring Internet Information Services (IIS), Active Directory Certificate Services (AD CS) and Group Policy for both of the companies involved in a B2B scenario.

Step 7: Install and Configure Windows Claims-Aware Identity Software

Install and Configure the SharePoint Site on ContosoSrv02

This step demonstrates the underlying configuration requirements for installing and configuring Microsoft Office SharePoint Server 2007 for document collaboration needs in a B2B scenario.

Step 6: Install and Configure the SharePoint Site on ContosoSrv02

Install and configure Windows claims-based identity software

This step demonstrates the underlying configuration requirements for installing and configuring AD FS 2.0 and related technologies for federation service in both of the companies involved in a B2B scenario.

Step 8: Configure ContosoSrv02 and FabrikamSrv02 for Step-Up Authentication

Configure ContosoSrv02 and FabrikamSrv02 for step-up authentication scenario

This step demonstrates the underlying configuration requirements configuring step-up authentication.

Fanden Sie dies hilfreich?
(1500 verbleibende Zeichen)
Vielen Dank für Ihr Feedback.


Microsoft führt eine Onlineumfrage durch, um Ihre Meinung zur MSDN-Website zu erfahren. Wenn Sie sich zur Teilnahme entscheiden, wird Ihnen die Onlineumfrage angezeigt, sobald Sie die MSDN-Website verlassen.

Möchten Sie an der Umfrage teilnehmen?
© 2015 Microsoft