Configure Resource Account Options
Applies To: Windows Server 2008
By adjusting resource account options in the resource Federation Service, resource partner administrators can refine how access control for federated users is administered and delegated on an account partner–by–account partner basis. Use the following procedure to adjust resource account options.
We recommend that you first review information about each resource account option before you modify the default resource account setting. For more information about resource account options, see Select the Optimal Resource Account Option.
Perform this procedure on a resource federation server.
Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To configure resource account options
1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
2. Double-click Federation Service, double-click Trust Policy, double-click Partner Organizations, and then double-click Account Partners.
3. Right-click the account partner whose resource account behavior you want to change, and then click Properties.
4. Click the Resource Accounts tab.
5. Select one of the following options for using resource accounts for this account partner, and then click OK:
   - Resource accounts exist for all users (Resource group claim mappings are not checked.)
   - Resource accounts exist for some users (prefer resource account) (First, check for resource accounts. If they do not exist, use the resource groups in the token.)
   - Resource accounts exist for some users (prefer groups in token) (First, process resource groups in tokens. If none exist, check for resource accounts.)
   - No resource accounts exist for this account partner (Check only for resource groups in tokens.)
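The evaluation order of the four options above, modelled as an added example (this is not AD FS code and does not come from the original page) so that the effect of switching options can be checked per user before the setting is changed. The function names, the constructed sample users, and the rule that a user with no matching source resolves to no authorization source at all are assumptions.

```python
# Added model of the four Resource Accounts options; not AD FS code.
from enum import Enum


class Option(Enum):
    ALL_USERS = "Resource accounts exist for all users"
    PREFER_ACCOUNT = "Resource accounts exist for some users (prefer resource account)"
    PREFER_TOKEN_GROUPS = "Resource accounts exist for some users (prefer groups in token)"
    NO_ACCOUNTS = "No resource accounts exist for this account partner"


def authorization_source(option, has_resource_account, token_resource_groups):
    """Return 'resource_account', 'token_groups', or None.

    None means neither source applied (assumed outcome; the page does not
    describe what happens in that case).
    """
    account = "resource_account" if has_resource_account else None
    groups = "token_groups" if token_resource_groups else None
    if option is Option.ALL_USERS:
        return account              # resource group claim mappings are not checked
    if option is Option.PREFER_ACCOUNT:
        return account or groups    # account first, token groups as fallback
    if option is Option.PREFER_TOKEN_GROUPS:
        return groups or account    # token groups first, account as fallback
    return groups                   # NO_ACCOUNTS: only token groups are checked


def impact_of_change(users, current, proposed):
    """List (user, old_source, new_source) for users whose source would change."""
    changes = []
    for name, has_account, groups in users:
        old = authorization_source(current, has_account, groups)
        new = authorization_source(proposed, has_account, groups)
        if old != new:
            changes.append((name, old, new))
    return changes


# Constructed sample: (federated user, has resource account, resource groups in token)
SAMPLE_USERS = [
    ("alice@partner.example", True, ["Purchasers"]),
    ("bob@partner.example", True, []),
    ("carol@partner.example", False, ["Auditors"]),
    ("dave@partner.example", False, []),
]

if __name__ == "__main__":
    for change in impact_of_change(SAMPLE_USERS, Option.PREFER_ACCOUNT, Option.NO_ACCOUNTS):
        print(change)
```

Users reported by impact_of_change are the ones whose access would be decided by a different source after the change, so their resource accounts and group claim mappings are the ones to review first.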