AD FS Features

This video will look the different versions of Active Directory Federation Services. This includes which features are available in each one and which operating system you need in order to use these features.

Download the PDF handout http://ITFreeTraining.com/handouts/fe...

AD FS 3.0
AD FS 3.0 is included in Windows Server 2012 R2. You will not be able to run AD FS 3.0 unless you install or upgrade to Windows Server 2012 R2. AD FS 3.0 comes with a few new features
Workplace Join: This allows a mobile device to join the domain. It is simpler than joining a computer to the domain; however, it does not include all the same features as joining a computer to the domain. For example, group policy is not supported. When you add a device to the domain using Workplace Join, the device is registered in Active Directory so administrators have control over which devices are added and also can remove a device later on if they wanted. Workplace Join could also be used with OS's like Windows 8.1. This allows a computer to access some Active Directory functions. This is useful for external contractors who need access to certain files, but the administrator does not want to add them to domain functions like a standard user would have.
Enhanced access control risk management tools: This is a collection of features that help secure AD FS clients. For example, it makes it easier to disable remote devices. It also allows features like making sure the users enter in a username and password when accessing certain applications.
No longer requires IIS: AD FS 3.0 no longer requires IIS to be installed. It is now a separate role and does not require additional roles in order to be installed.
UI support for SQL Server: User interface has the ability to configure SQL server. If you are using SQL server with Active Directory Federation Services this makes it easier to configure SQL Server.
Group Managed Service Account Support: Managed services account were already present in Windows, however they were difficult to set up. AD FS 3.0 allows a managed service account to be created in the install wizard to be used with Active Directory Federation Services. A managed service account password is controlled by Active Directory. The password is very long and complex and automatically changed at periodic intervals. Group managed service accounts are different from the regular managed service accounts in that they can be used on multiple servers quite easily.

AD FS 3.0 difference from other version
The component Federation Service Proxy no longer exists. Its functionality has been replaced by a different component called "Web Application Proxy". This component is found in the Remote Access Role rather than Federation Service role. This role is also used by other services as well as Active Directory Federation Services.
In AD FS 3.0 the web agents have been removed. These provided compatibility between AD FS and other systems. If you upgrade to this version you need to ensure that you do not require these web agents.

AD FS 2.1/AD FS 2.0
AD FS 2.1 is included with Windows Server 2012. There are only very minor changes between it and 2.0. The most significant change is that it is included in the operating system rather than being an optional download.
AD FS 2.0 is available as a free download from Microsoft. It can be installed on Windows Server 2008 and Windows Server 2008 R2.

Description to long for YouTube. Please see the following link for the rest of the video.
http://itfreetraining.com/federation#...


See    / itfreetraining   or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.

References
"Active Directory Federation Services 2.0 RTW" http://www.microsoft.com/en-us/downlo...
"Planning a Migration to AD FS 2.0" http://technet.microsoft.com/en-us/li...
"Understanding Federation Design" http://technet.microsoft.com/en-us/li...
"Active Directory Federation Services Role" http://technet.microsoft.com/en-us/li...
"First Impressions -- AD FS and Windows Server 2012 R2 -- Part I" http://blog.auth360.net/2013/09/13/fi...
"Samsung Knox enabled devices get Microsoft Workplace Join support" http://www.theinquirer.net/inquirer/n...
"Enhanced access control risk management tools" http://technet.microsoft.com/en-us/li...
"AD FS 2.0 and AD FS 1.x Interoperability" http://blogs.technet.com/b/askds/arch...
"Features Removed or Deprecated in Windows Server 2012 R2" http://technet.microsoft.com/en-us/li...
"Overview of AD FS 2.0" http://technet.microsoft.com/en-us/li...