Step 2: Add the Domain Admins group as Administrator for the SharePoint site

Applies To: Active Directory Federation Services (AD FS) 2.0

Step 2: Add the Domain Admins group as Administrator for the SharePoint site

In this step, we grant full access to the SharePoint site to users who belong to the Domain Admins group.

To add the Domain Admins group to the Administrators group for the SharePoint site

  1. Log on to the CONTOSOSRV02 computer as CONTOSO\Administrator with "demo!23" as the user password.

  2. Click Start, Administrative Tools, and SharePoint 3.0 Central Administration.

  3. On the Central Administration (http://contososrv02:37101) page, click the Application Management tab.

  4. On the Application Management page, click Policy for Web application.

    On the next page, we change to the SharePoint site that we are actually configuring.

  5. Click the Web Application drop-down list, and then click Change Web Application.

  6. In the Select Web Application window that pops up, click Sharepoint:80 for the site to be configured.

  7. On the Policy for Web Application page, click Add Users.

  8. In the Zones drop-down list, select the Extranet zone to which we will add users, and then click Next.

  9. On the next page, we add the Domain Admins role. In the Users text box, type Role#Domain Admins. To give Domain Admins Full Control permissions, select the check box for Full Control, and then click Finish.


The Role# prefix tells the custom Role provider that Domain Admins is a role. If you add Domain Admins without this prefix, Domain Admins are treated as users.

  1. On the next page, you see the Domain Admins role added with full control of the site.