Active Directory Federation Services
In this post I will be installing and configuring the Active Directory Federation Services (AD FS) server role.
This service is designed to provide Single Sign-On (SSO) capabilities to multiple web applications using a single Active Directory account.
The installation can be done on your Domain Controller or on a domain-joined server. This installation is based on Microsoft Server 2019.
Prerequisites
- The IIS service must be installed. If you do not have IIS installed, make sure to install the role before you begin. I have another guide to help you install the IIS service feature on Microsoft Server 2019.
- A DNS record MUST be present. Whether you are installing AD FS on a Domain Controller or on a different server, ensure that DNS name resolution of its FQDN is possible.
- For testing: remember that in Server 2016 (AD FS 4.0) and later, the IdpInitiatedSignOn page is disabled by default and must be turned on manually with administrative PowerShell commands. Use the commands below:
>(Get-AdfsProperties).EnableIdPInitiatedSignonPage
>Set-AdfsProperties -EnableIdPInitiatedSignonPage $true
>(Get-AdfsProperties).EnableIdPInitiatedSignonPage
Note: Web Application Proxy role and AD FS cannot be installed on the same computer.
Install the AD FS Server Role – Complete Step-by-Step
1- Open Server Manager and click Manage -> Add Roles and Features:

Click Next on the screen that follows

2- Select Role-based or feature-based installation, then click Next.

3- Select the server on which you want to install this role, then click Next

4- Select Active Directory Federation Services then click Next

5- No additional Features are needed. Click Next

6- Click Next

7- The AD FS role does not require a reboot. Click Install

8- When installation is completed, click Close

Post-Deployment Configuration:
1- Click the Notifications flag, which now shows an exclamation mark, then click Configure the federation service on this server

2- In this wizard, under Welcome select the first option then click Next

3- Ensure the account you are logged into has Active Directory Domain Admin permissions. If not, click Change. Click Next to continue:

4- In the wizard, under Specify Service Properties, provide the following:
- SSL Certificate – You can create a self-signed certificate or import one obtained from a provider. Your certificate must be in .PFX format.
- Federation Service Name – This is the FQDN of the AD FS server
- Federation Service Display Name – Use any descriptive name

5- In the Specify Service Account wizard, enter the Service Account you want to use and click Next
NB: Ensure this user account is a member of the local domain administrator group of your AD FS server.

6- Specify a location for your SQL database. If you do not have one, select the first option. For this tutorial, we will select the first option, then click Next

7- Review your selections; if you are happy with them, click Next

8- In the Pre-requisite wizard, if no issues are present, click Configure. Wait for the installation to finish.

9- Once completed click Close

Testing AD FS to ensure it is working
1- Open a web browser on any system on your domain, then type the URL https://ADFS.FQDN/adfs/ls/idpinitiatedSignOn.aspx
Example: https://adfs.svlab.local/adfs/ls/idpinitiatedsignon
You should get a sign-in window. Enter your domain credentials; once you are logged in, it will show the Sign-Out screen.
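
The wizard steps and the test above can also be scripted. The following PowerShell is an added example, not the author's code, and it goes beyond the post by checking the DNS record and the certificate before configuring. `adfs.svlab.local` is the example FQDN from this post; the PFX path and display name are assumed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard steps in this post.
# Run as a Domain Admin on the server that will host AD FS.
$FsName      = 'adfs.svlab.local'          # Federation Service Name (example FQDN from this post)
$DisplayName = 'SVLAB Federation Service'  # assumed display name, replace with your own
$PfxPath     = 'C:\Certs\adfs.pfx'         # assumed path to the SSL certificate (.PFX)

# Prerequisite: the federation service FQDN must resolve before configuration.
if (-not (Resolve-DnsName -Name $FsName -ErrorAction SilentlyContinue)) {
    throw "No DNS record resolves for $FsName; create it first."
}

# Install the AD FS role (no reboot required).
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools | Out-Null

# Import the SSL certificate into the computer store and confirm it is usable.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $PfxPath -Password $pfxPassword `
    -CertStoreLocation Cert:\LocalMachine\My
if (-not $cert.HasPrivateKey)      { throw 'Certificate has no private key.' }
if ($cert.NotAfter -lt (Get-Date)) { throw 'Certificate has expired.' }

# Configure the first federation server in a new farm. Omitting -SQLConnectionString
# selects the Windows Internal Database (the first option in the wizard).
$svc = Get-Credential -Message 'AD FS service account (DOMAIN\user)'
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
    -FederationServiceName $FsName `
    -FederationServiceDisplayName $DisplayName `
    -ServiceAccountCredential $svc

# The IdP-initiated sign-on page is disabled by default; turn it on for the test.
Set-AdfsProperties -EnableIdPInitiatedSignonPage $true

# Request the test page. With a self-signed certificate this call fails TLS
# validation unless the certificate is trusted on the machine running the test.
$resp = Invoke-WebRequest -Uri "https://$FsName/adfs/ls/idpinitiatedsignon" -UseBasicParsing
"Sign-on page HTTP status: $($resp.StatusCode)"

# Show the current setting. If the page was only needed for this test, restore
# the default with: Set-AdfsProperties -EnableIdPInitiatedSignonPage $false
(Get-AdfsProperties).EnableIdPInitiatedSignonPage
```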


You have now officially configured AD FS and it is ready for use in your environment.
Thank you for following this tutorial. Leave your comments if you are having any issues.
Quite practical to follow step by step installation.
As a newbie, what is the purpose of using AD FS server 2019?
Hi Dominique,
AD FS is Microsoft Software for identity management. It provides domain trust with single sign-on (SSO) capability for accessing applications, software and systems within or across organizations.