In this post, we'll set up Active Directory Domain Services (AD DS) and ADFS on Windows Server.
Step 1: Launch an EC2 instance from a Windows Server 2019 AMI. In its security group, open the RDP and HTTPS ports only to your own IP.
Step 2: Connect to the server and install Active Directory Domain Services by going to Server Manager -> Manage -> Add Roles and Features and selecting Active Directory Domain Services.
Step 3: Now click Notifications -> Promote this server to a domain controller -> Add a new forest, and enter fs.adfstest.com as the root domain name.
On the next screen, provide the DSRM password. Leave the remaining settings at their defaults, click Next through to the last screen, then click Install. Once the installation succeeds, the server restarts.
Step 4: Now install Active Directory Certificate Services using the following commands:
```powershell
Add-WindowsFeature Adcs-Cert-Authority -IncludeManagementTools
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA
```
Step 5: Now open certsrv.msc and follow https://geekdudes.wordpress.com/2017/01/03/installing-ad-federation-service-on-windows-server-2016/ to set up ADFS.
Note that the Security tab -> Object Types -> Computers -> Add "Domain Computers" step has to be repeated for "Domain Controllers": if AD DS and ADFS run on the same server, the Certificate Template must grant the Computer object "Domain Controllers" in addition to "Domain Computers" when you create it.
Step 6: After that, execute the following command:
```powershell
Set-AdfsProperties -EnableIdPInitiatedSignonPage $true
```
Testing: Add a hosts entry for fs.adfstest.com in /etc/hosts pointing at the public IP of the EC2 instance. Then open https://fs.adfstest.com/adfs/ls/idpinitiatedsignon.aspx and https://fs.adfstest.com/adfs/fs/federationserverservice.asmx in your browser.
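The same procedure as one re-runnable script, added here as an example and not taken from the original post: it covers Steps 2, 3, 4 and 6 and the final endpoint check. It assumes it runs in an elevated PowerShell on the Windows Server 2019 instance from Step 1, that fs.adfstest.com is the forest name from the post, and that the ADFS farm itself (Step 5) has been set up by hand from the linked guide before the script reaches Step 6. The `DomainRole` check lets the script be run once before the promotion reboot and once after it.

```powershell
# Added example, not part of the original post: Steps 2, 3, 4 and 6 of the walkthrough
# plus the endpoint check, as one script that can be run twice (before/after the reboot).
# Assumptions: elevated PowerShell on the fresh Windows Server 2019 instance; forest name
# fs.adfstest.com as in the post; ADFS (Step 5) installed by hand from the linked guide.
$DomainName = 'fs.adfstest.com'

# Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
$isDomainController = $role -ge 4

if (-not $isDomainController) {
    # --- Phase 1: run once on the fresh server (Steps 2 and 3) ---

    # Step 2: install the AD DS role and its management tools.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

    # Step 3: create the new forest. The DSRM password is read interactively so it is
    # never written into the script; the wizard's remaining defaults are kept.
    $dsrmPassword = Read-Host -Prompt 'DSRM (Safe Mode Administrator) password' -AsSecureString
    Install-ADDSForest -DomainName $DomainName `
                       -SafeModeAdministratorPassword $dsrmPassword `
                       -InstallDns -Force
    # Install-ADDSForest reboots the server when it finishes; re-run this script
    # after the reboot to continue with Phase 2.
    return
}

# --- Phase 2: run after the promotion reboot (Steps 4 and 6) ---

# Step 4: install AD CS and configure this server as an Enterprise Root CA.
# Install-WindowsFeature is the cmdlet behind the Add-WindowsFeature alias used in the post.
Install-WindowsFeature -Name Adcs-Cert-Authority -IncludeManagementTools
if (-not (Get-Service -Name CertSvc -ErrorAction SilentlyContinue)) {
    Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -Force
}

# Step 5 (certificate template and ADFS farm) is done by hand per the linked guide.
# Only continue to Step 6 once the ADFS cmdlets exist on this server.
if (-not (Get-Command -Name Set-AdfsProperties -ErrorAction SilentlyContinue)) {
    Write-Warning 'ADFS is not installed yet; complete Step 5 and re-run this script.'
    return
}

# Step 6: enable the IdP-initiated sign-on page. It is off by default on ADFS 2016 and
# later; turning it on exposes an extra logon page, which is exactly what this lab
# test relies on, so keep the security group restricted to your own IP as in Step 1.
Set-AdfsProperties -EnableIdPInitiatedSignonPage $true

# Testing: confirm the property and fetch the two endpoints named in the post.
# On the DC itself, fs.adfstest.com resolves to this server via the AD-integrated DNS zone.
$props = Get-AdfsProperties
"EnableIdpInitiatedSignonPage = $($props.EnableIdpInitiatedSignonPage)"

$endpoints = @(
    "https://$DomainName/adfs/ls/idpinitiatedsignon.aspx",
    "https://$DomainName/adfs/fs/federationserverservice.asmx"
)
foreach ($url in $endpoints) {
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
        "{0} -> HTTP {1}" -f $url, $resp.StatusCode
    } catch {
        "{0} -> FAILED: {1}" -f $url, $_.Exception.Message
    }
}
```

Run the script once on the fresh instance (it installs AD DS, promotes the server and reboots), then run it again after the reboot to install the Enterprise Root CA; do Step 5 manually and run it a third time to enable the sign-on page and check the two URLs from the server itself. A non-200 status or a TLS error on the endpoint check usually points at the certificate template issue described in the note under Step 5.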