PrepAway - Latest Free Exam Questions & Answers

What should you create on Server1?

Your network contains an Active Directory domain named contoso.com.
The domain contains a server named Server1.
The Active Directory Federation Services (AD FS) role is installed on Server1.
Contoso.com is defined as an account store.
A partner company has a Web-based application that uses AD FS authentication.
The partner company plans to provide users from contoso.com access to the Web application.
You need to configure AD FS on contoso.com to allow contoso.com users to be authenticated by the
partner company.
What should you create on Server1?

A.
a new application

B.
a resource partner

C.
an account partner

D.
an organization claim

Explanation:
Many thanks to Luffy for helping me out with this one!
Since the account store has already been configured, what needs to be done is to use the account store to map
an AD DS global security group to an organization claim (called group claim extraction). So that’s what we need
to create for authentication: an organization claim.
Creating a resource/account partner is part of setting up the Federation Trust.
Reference 1:
http://technet.microsoft.com/en-us/library/dd378957.aspx
Configuring the Federation Servers
[All the steps for setting up an AD FS environment are listed in an extensive step-by-step guide, too long to post
here.]
Reference 2:
http://technet.microsoft.com/en-us/library/cc732147.aspx
Add an AD DS Account Store
If user and computer accounts that require access to a resource that is protected by Active Directory Federation
Services (AD FS) are stored in Active Directory Domain Services (AD DS), you must add AD DS as an
account store on a federation server in the Federation Service that authenticates the accounts.
Reference 3:
http://technet.microsoft.com/en-us/library/cc731719.aspx
Map an Organization Group Claim to an AD DS Group (Group Claim Extraction)
When you use Active Directory Domain Services (AD DS) as the Active Directory Federation Services (AD FS)
account store for an account Federation Service, you map an organization group claim to a security group
in AD DS. This mapping is called a group claim extraction.

