Export the Trust Policy of a Partner Organization

Applies To: Windows Server 2008

When you begin an Active Directory Federation Services (AD FS) federated partnership with another organization, you can export a generic trust policy file before you add resource and account partners. The other organization can use this file to configure your organization as either its account partner or its resource partner. For example, if you are administering a resource organization, you can export a generic trust policy file that the account organization can use to configure your organization as its resource partner in AD FS. You must make the file available to the partner organization, which can then import the file.

The exported generic policy file contains the following information:

  • Your organization's display name

  • The Federation Service endpoint URL

  • The Federation Service uniform resource identifier (URI)

  • The verification certificate (for an exported account partner only)

When the partner organization imports this policy file as it adds a resource partner or account partner that represents your organization, the wizard (the Add Resource Partner Wizard or the Add Account Partner Wizard) automatically configures the new partner with the correct information for your organization, which eliminates the possibility of mistyping the various required identifiers.

Perform this procedure on the federation server that hosts the trust policy that you want to share with the organization that will become your partner in a federated partnership. The Export Basic Partner Policy command in the Active Directory Federation Services snap-in creates the file with the name and location that you provide.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To export an account or resource policy file

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Right-click Trust Policy, and then click Export Basic Partner Policy.

  3. In the Export Basic Partner Policy dialog box, click Browse to browse to the location where you want to save the policy file.

  4. In File name, type the name of the exported policy file, click Save, and then click OK.

  5. Notify the partner organization, and make the exported partner file available to the partner organization.

Additional references

Checklist: Configuring Both Sides of a Federated Trust Using Export/Import