What should you create on Server1?

Your network contains an Active Directory domain named contoso.com. The domain
contains a server named Server1. The Active Directory Federation Services (AD FS) role is
installed on Server1. Contoso.com is defined as an account store.
A partner company has a Web-based application that uses AD FS authentication. The
partner company plans to provide users from contoso.com access to the Web application.
You need to configure AD FS on contoso.com to allow contoso.com users to be
authenticated by the partner company.
What should you create on Server1?

A. a new application

B. a resource partner

C. an account partner

D. an organization claim

Explanation:
Because the account store has already been configured, the remaining step is to use the
account store to map an AD DS global security group to an organization claim (called group
claim extraction). So that is what we need to create for authentication: an organization claim.
Creating a resource or account partner is part of setting up the federation trust.
Reference 1)
http://technet.microsoft.com/en-us/library/dd378957.aspx
Configuring the Federation Servers

[All the steps for setting up an AD FS environment are listed in an extensive step-by-step
guide, too long to post here.]
Reference 2)
http://technet.microsoft.com/en-us/library/cc732147.aspx
Add an AD DS Account Store
If user and computer accounts that require access to a resource that is protected by Active
Directory Federation Services (AD FS) are stored in Active Directory Domain Services (AD
DS), you must add AD DS as an account store on a federation server in the Federation
Service that authenticates the accounts.
Reference 3)
http://technet.microsoft.com/en-us/library/cc731719.aspx
Map an Organization Group Claim to an AD DS Group (Group Claim Extraction)
When you use Active Directory Domain Services (AD DS) as the Active Directory Federation
Services (AD FS) account store for an account Federation Service, you map an organization
group claim to a security group in AD DS. This mapping is called a group claim extraction.


