Add a Host (A) Resource Record to Perimeter DNS for an AD FS-Enabled Web Server

Applies To: Windows Server 2008

For clients on the Internet to successfully access a federated application that is hosted on an Active Directory Federation Services (AD FS)-enabled Web server, a host (A) resource record must first be created in the perimeter Domain Name System (DNS). This record resolves the fully qualified domain name (FQDN) of the Web server or server cluster to the IP address of the Web server or server cluster.

For more information about how to configure a cluster IP address or a cluster FQDN using Microsoft Network Load Balancing (NLB) technology, see Specifying the Cluster Parameters.

Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To add a host (A) resource record to perimeter DNS for an AD FS-enabled Web server

  1. On a DNS server for the perimeter network, open the DNS snap-in.

  2. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A or AAAA).

  3. In Name, type only the computer name of the Web server. For example, for the FQDN, type ws.

  4. In IP address, type the IP address for the new Web server, for example,

  5. Click Add Host.
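The same record can be created from the command line with dnscmd and then checked by querying the perimeter DNS server directly. This is an added example, not part of the original procedure; the server name, zone, host label and IP address are placeholders chosen for illustration.

```powershell
# Added example: command-line equivalent of steps 1-5, followed by a check.
# All four values are placeholders (assumptions), not values from this page.
$DnsServer  = 'perimeter-dns.example.test'  # DNS server for the perimeter network
$Zone       = 'example.test'                # forward lookup zone from step 2
$HostLabel  = 'ws'                          # computer name only, as in step 3
$ExpectedIp = '192.0.2.10'                  # Web server or cluster IP from step 4

# Step 3 asks for the computer name only; an FQDN here would create
# a record such as ws.example.test.example.test.
if ($HostLabel -match '\.') {
    throw "Name must be the computer name only, got '$HostLabel'"
}

# A host (A) record holds an IPv4 address; reject anything else up front.
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($ExpectedIp, [ref]$parsed) -or
    $parsed.AddressFamily -ne 'InterNetwork') {
    throw "'$ExpectedIp' is not a valid IPv4 address"
}

# Create the record (requires membership in Administrators, or equivalent).
& dnscmd $DnsServer /RecordAdd $Zone $HostLabel A $ExpectedIp
if ($LASTEXITCODE -ne 0) {
    throw "dnscmd failed with exit code $LASTEXITCODE"
}

# Query the perimeter server itself, so a cached or internal answer from
# the local resolver cannot mask a wrong or missing record.
$fqdn   = "$HostLabel.$Zone."
$output = & nslookup -type=A $fqdn $DnsServer | Out-String

# The answer section starts at "Name:"; addresses before it belong to the
# DNS server that was queried, not to the Web server.
$start = $output.IndexOf('Name:')
if ($start -lt 0) {
    throw "$DnsServer returned no host (A) record for $fqdn"
}
$answer = $output.Substring($start)
$ips = [regex]::Matches($answer, '\b(?:\d{1,3}\.){3}\d{1,3}\b') |
    ForEach-Object { $_.Value }

if ($ips -notcontains $ExpectedIp) {
    throw "$fqdn resolves to '$($ips -join ', ')', expected $ExpectedIp"
}
Write-Output "$fqdn resolves to $ExpectedIp on $DnsServer"
```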

Additional references

Checklist: Installing an AD FS-Enabled Web Server

Name Resolution Requirements for AD FS-Enabled Web Servers