Step 1: Join a Computer to a Domain

Important

For AD FS running on Windows Server® 2012 R2 to function your Active Directory domain must run either of the following:

• Windows Server
  
  
• Windows Server 2008 R2
  
  
• Windows Server 2012
  
  
• Windows Server® 2012 R2
  
  

Important

If you plan to use a group Managed Service Account (gMSA) as the service account for AD FS, you must have at least one domain controller in your environment that is running on Windows Server 2012 or Windows Server® 2012 R2 operating system.

Important

If you plan to deploy Device Registration Service (DRS) for AD Workplace Join as a part of your AD FS deployment, the AD DS schema needs to be updated to the Windows Server® 2012 R2level. There are three ways to update the schema:

1. In an existing Active Directory forest, run adprep /forestprep from the \Support\Adprep folder of the Windows Server® 2012 R2 operating system DVD on any 64-bit server that runs Windows Server 2008 or later. In this case, no additional domain controller needs to be installed, and no existing domain controllers need to be upgraded.
   
   To run adprep/forestprep, you must be a member of the Schema Admins group, the Enterprise Admins group, and the Domain Admins group of the domain that hosts the schema master.
   
   
2. In an existing Active Directory forest, install a domain controller that runs Windows Server® 2012 R2. In this case, adprep /forestprep can be run automatically as part of the domain controller installation.
   
   During the domain controller installation, you will need additional credentials in order to run adprep /forestprep.
   
   
3. Create a new Active Directory forest by installing AD DS on a server that runs Windows Server® 2012 R2. In this case, adprep /forestprep does not need to be run because the schema will be initially created with all the necessary containers and objects to support DRS.