Your network consists of one Active Directory forest. All servers run Windows Server 2008 R2. You
plan to make multiple Web applications in the perimeter network accessible to external customers
and partner company users. You need to design an access solution to meet the following
requirements:
Provide authentication and authorization for the external customers and partner company users.
Enable single sign-on (SSO) authentication so that users can access multiple Web applications from a
single Web browser session.
What should you include in your design?
A.
Deploy Network Policy and Access Services (NPAS).
B.
Deploy Active Directory Rights Management Services (AD RMS).
C.
Deploy Active Directory Lightweight Directory Services (AD LDS), and then deploy Active Directory
Federation Services (AD FS). ‘
D.
Deploy Active Directory Lightweight Directory Services (AD LDS), and then configure AD FS Web
Agents on Internet Information Server (IIS) 7.0.
Explanation:
To implement single sign-on (SSO) authentication so that users can access multiple Web applications
from a single Web browser session, you need to install Active Directory Federation Services (AD FS)
on your Windows Server 2008 Server. You also need Active Directory Lightweight Directory Services
(AD LDS) because AD FS requires at least one directory service: either Active Directory Domain
Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) to implement single
sign-on (SSO) authentication.
Windows Server 2008 Domain Services – Part 2: Active Directory Federation Services /
How AD FS workshttp://www.windowsnetworking.com/articles_tutorials/Windows-Server-2008-Domain-ServicesPart2.html