Add an AD DS Account Store
Updated: January 31, 2008
Applies To: Windows Server 2008
If user and computer accounts that require access to a resource that is protected by Active Directory Federation Services (AD FS) are stored in Active Directory Domain Services (AD DS), you must add AD DS as an account store on a federation server in the Federation Service that authenticates the accounts.
An Active Directory forest can have only one Active Directory instance. Therefore, you can add only one AD DS account store for the respective Federation Service.
Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To add an AD DS account store
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
Double-click Federation Service, double-click Trust Policy, double-click My Organization, right-click Account Stores, point to New, and then click Account Store.
On the Welcome to the Add Account Store Wizard page, click Next.
On the Account Store Type page, ensure that Active Directory Domain Services (AD DS) is selected, and then click Next.
On the Enable this Account Store page, ensure that the Enable this account store check box is selected, and then click Next.
On the Completing the Add Account Store Wizard page, click Finish.