HOTSPOT
Your network contains an Active Directory forest named contoso.com.
Your company has a custom application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS) server named Server1 to authenticate users.
You have a member server named Server2 that runs Windows Server 2016. You install the Active Directory Federation Services (AD FS) server role on Server2 and create an AD FS farm.
You need to configure AD FS to authenticate users from the AD LDS server.
Which cmdlets should you run? To answer, select the appropriate options in the answer area.
Hot Area:
Explanation:
To configure your AD FS farm to authenticate users from an LDAP directory, you can complete the following steps:
Step 1: New-AdfsLdapServerConnection
First, configure a connection to your LDAP directory using the New-AdfsLdapServerConnection cmdlet:
$DirectoryCred = Get-Credential
$vendorDirectory = New-AdfsLdapServerConnection –HostName dirserver –Port 50000 –SslMode None –
AuthenticationMethod Basic –Credential $DirectoryCred
Step 2 (optional):
Next, you can perform the optional step of mapping LDAP attributes to the existing AD FS claims using the
New-AdfsLdapAttributeToClaimMapping cmdlet.
Step 3: Add-AdfsLocalClaimsProviderTrust
Finally, you must register the LDAP store with AD FS as a local claims provider trust using the AddAdfsLocalClaimsProviderTrust cmdlet:
Add-AdfsLocalClaimsProviderTrust –Name “Vendors” –Identifier “urn:vendors” –Type L
References: https://technet.microsoft.com/en-us/library/dn823754(v=ws.11).aspx