Install ADFS on Azure VM step by step

In this article, we will install the ADFS in Azure VM.

Prerequisites:
  • Create a Service Account with Domain/Enterprise Admin rights
  • Cloud only account with Global Admin rights
  • Third-party SSL certificate
  • AAD Connect (Directory Sync)
Steps we will take in this lab.
  • Install ADFS Server
  • Import Certificate and complete the Setup
  • Post Install testing
  • Setting up DNS record and open firewall port
  • Convert domain to federated
  • Test the working of the ADFS.
Step 1 - Install the ADFS server, join the server to the domain and reboot.

Install-windowsfeature adfs-federation –IncludeManagementTools



Step 2 Create a certificate request.

In the lab, I am using the LetsEncrypt free cert so I will skip the steps. if you would like to see how I
got this cert, please check out my this post.

Step 3) Add KDS Root key

Enable gMSA in your domain by running the following Windows PowerShell command on a domain controller, which runs Windows Server 2012 or later.

Add-KdsRootKey –EffectiveTime (Get-Date).AddHours(-10)

Step 4)  Configure the first federation server in a new federation server farm

Open the Server Manager, and click on "Configure the federation service on this Server"


that should open the below dialogue box, hit next.


specify the account details.


Import the certificate we exported in (.pfx) format in the previous step, and provide the "Federation Service Display Name" 


Provide the service account details.


Continue with the default selection.


review the selection and click next.


If all the Pre-requisite checks are pass click on "Configure" to continue.


you should the screen like below after a successful configuration.


Next, let's test the ADFS.

Note: Before we can test, make sure you have DNS record set up so that URL "sts.lab365.in" is resolvable and can reach the ADFS server, also for the service to be available externally, open the port 443 in the firewall, and publish CNAME record in the DNS, in my Azure LAB "sts.lab365.in" point to my VM external URL which would be like "adfs01.westindia.cloudapp.azure.com".

Once all the DNS records are setup we can use the below URL, which should return the XML.

https://sts.lab365.in/adfs/fs/federationserverservice.asmx




Also, check the LDAP Signon page URL if it's working.

https://ADFS_FQDN/adfs/ls/idpinitiatedSignOn.aspx

Note that you need the enable it before testing, as its disabled by default.

Set-AdfsProperties –EnableIdpInitiatedSignonPage $True


Step 5) - Configure Federation Trust with Office 365

Connect to MSOL Service and run the following cmd.

Connect-MsolService
Set-MsolADFSContext –computer adfs02.lab365.in
Convert-MsolDomainToFederated –domain lab365.in


Step 6) - Sync local Active Directory user accounts to Office 365

Now run the AD Connect sync if not already run and the users should now be redirected to ADFS for authentication.


This completes my post in setting up ADFS on Azure VM, where we successfully installed, configured and tested the ADFS. 

Comments