Checklist: Installing a federation server

Applies To: Windows Server 2003 R2

This checklist includes the deployment tasks necessary to prepare a server running Windows Server 2003 R2, Enterprise Edition, for the Active Directory Federation Services (ADFS) federation server role.

Note

Complete the tasks in this checklist in order. When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

Checklist: Installing a federation server

	Task	Reference
	Review information in the Active Directory Federation Services Design Guide about where to place federation servers in your organization	Planning Federation Server Placement Where to place a federation server
	Use the information in the Active Directory Federation Services Design Guide to determine whether a single federation server or federation server farm is preferred for your deployment.	When to create a federation server When to create a federation server farm
	Use the information in the Active Directory Federation Services Design Guide to determine whether this new federation server will be created in the account partner organization or the resource partner organization.	Review the role of the federation server in the account partner organization Review the role of the federation server in the resource partner organization
	Review information in the Active Directory Federation Services Design Guide about how federation servers use server authentication certificates and token-signing certificates to securely authenticate client and federation server proxy requests.	Certificate requirements for federation servers
	Review information in the Active Directory Federation Services Design Guide about how to update the corporate network Domain Name System (DNS) so that successful name resolution to federation servers can occur.	Name resolution requirements for federation servers
	Join the computer that will become the federation server to a domain in the account partner forest or resource partner forest where it will be used to authenticate the users of that forest or from trusting forests. Note If you want to create a federation server in the account partner organization, the computer must first be joined to any domain in the forest where your federation server will be used to authenticate users from that forest or from trusting forests.	Join a computer to a domain
	Create a new resource record in the corporate network DNS that points the DNS host name of the federation server to the IP address of the federation server.	Add a host (A) record to corporate DNS for a federation server
	Install prerequisite applications such as ASP.NET, Internet Information Services (IIS) and Microsoft .NET Framework 2.0 on the computer that will become the federation server.	Install prerequisite applications
	Secure IIS using a server authentication certificate, and configure ADFS with a token-signing certificate.	Checklist: Configuring certificates for a federation server
	Install the Federation Service component on the computer that will become the federation server. Follow this procedure when you want either to create the first federation server in a new farm or to extend an existing farm. Note For the Federated Web Single Sign-On (SSO) and Federated Web SSO with Forest Trust scenarios, you must have at least one federation server in the account partner organization and at least one federation server in the resource partner organization.	Install the Federation Service component of ADFS
	If this is the first federation server in your organization, configure the trust policy so that it conforms to your ADFS design.	Checklist: Configuring the account partner organization Checklist: Configuring the resource partner organization
	From a client computer, verify that the federation server is operational.	Verify that a federation server is operational