Deploying AD FS in the Account Partner Organization

An account partner in Active Directory Federation Services (AD FS) represents the organization in the federation trust relationship that physically stores user accounts in a supported attribute store. For more information about which attribute stores are supported, see The Role of Attribute Stores.

The federation server in the account partner organization authenticates local users and creates security tokens that are used by the resource partner in making authorization decisions. Relying parties such as Web sites and Web services are then able to easily register themselves with the federation server and consume issued tokens for authentication and access control.

In scenarios in which you need to provide your users with access to multiple federated applications or services (when each application or service is hosted by a different organization), you can configure the account partner federation server so that you can deploy multiple relying parties.

For more information about how to set up and configure an account partner organization, see Checklist: Configuring the Account Partner Organization.

In this section

See Also

AD FS Design Guide in Windows Server 2012