PrepAway - Latest Free Exam Questions & Answers

What should you identify?

Your network contains a perimeter network and an internal network. The internal network contains
an Active Directory Federation Services (AD FS) 2.1 infrastructure. The infrastructure uses Active
Directory as the attribute store.
You plan to deploy a federation server proxy to a server named Server2 in the perimeter network.
You need to identify which value must be included in the certificate that is deployed to Server2.
What should you identify?

A. The FQDN of the AD FS server

B. The name of the Federation Service

C. The name of the Active Directory domain

D. The public IP address of Server2

Explanation:
To add a host (A) record to corporate DNS for a federation server
On a DNS server for the corporate network, open the DNS snap-in.
1. In the console tree, right-click the applicable forward lookup zone, and then click New Host (A).
2. In Name, type only the computer name of the federation server or federation server cluster (for
example, type fs for the fully qualified domain name (FQDN) fs.adatum.com).

3. In IP address, type the IP address for the federation server or federation server cluster (for
example, 192.168.1.4).
4. Click Add Host.

Add a host (A) record to corporate DNS for a federation server
http://technet.microsoft.com/en-us/library/cc776786(v=ws.10).aspx

9 Comments on “What should you identify?”

  1. Sanan says:

    It is important to verify that the subject name in the server authentication certificate matches the Federation Service name value that is specified in the AD FS Management snap-in.

  2. A.H. says:

    Both the training guide and the technet article posted by Sanan only require
    “It is important to verify that the subject name in the server authentication certificate matches the Federation Service name value that is specified in the AD FS Management snap-in. To locate this value, open the snap-in, right-click Service, click Edit Federation Service Properties, and then find the value in Federation Service name text box.”

    So unless “the federation service name value” is different from “the name of the federation service”, the correct answer should be
    B).

    That the “help” talks about DNS records instead of certificate values doesn’t help.

  3. Lucas says:

    AD FS requires a certificate for SSL server authentication on each federation server in your federation server farm. The same certificate should be used on each federation server in a farm. You must have both the certificate and its private key available. For example, if you have the certificate and its private key in a .pfx file, you will be able to import the file directly into the Active Directory Federation Services Configuration Wizard. This SSL certificate must contain the following:

    Subject name and subject alternative name must contain your federation service name, such as fs.contoso.com

    Subject alternative name must contain the value enterpriseregistration followed by the UPN suffix of your organization, such as, for example, enterpriseregistration.corp.contoso.com

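The name requirements quoted in the comments above can be checked before a certificate is deployed. The following is an added example, not part of the original page or of any Microsoft tooling: it takes the subject name and SAN DNS entries read from a certificate and compares them with the Federation Service name. The function names, the sample values and the wildcard handling are assumptions of this example.

```python
# Added example: names a certificate must carry before it is deployed to a
# federation server or federation server proxy. All sample values are constructed.

def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.strip().rstrip(".").lower()

def name_matches(presented, required):
    """True if a certificate name covers the required DNS name."""
    p, r = _norm(presented), _norm(required)
    if p == r:
        return True
    # Assumption: a wildcard covers exactly one left-most label (usual TLS rule).
    if p.startswith("*."):
        head, _, tail = r.partition(".")
        return bool(head) and tail == p[2:]
    return False

def check_certificate(subject_cn, san_dns, service_name, upn_suffixes=()):
    """Return a list of findings; an empty list means the names line up."""
    findings = []
    if not name_matches(subject_cn, service_name):
        findings.append(f"subject '{subject_cn}' does not match '{service_name}'")
    if not any(name_matches(s, service_name) for s in san_dns):
        findings.append(f"no SAN entry covers '{service_name}'")
    for suffix in upn_suffixes:
        wanted = f"enterpriseregistration.{_norm(suffix)}"
        # This example compares the name exactly and does not accept a wildcard.
        if wanted not in {_norm(s) for s in san_dns}:
            findings.append(f"SAN is missing '{wanted}'")
    return findings

# Constructed sample: Federation Service name fs.adatum.com, names as required.
GOOD = check_certificate("fs.adatum.com",
                         ["fs.adatum.com", "enterpriseregistration.adatum.com"],
                         "fs.adatum.com", ["adatum.com"])
# Constructed sample: certificate issued to the proxy's own host name instead.
BAD = check_certificate("server2.adatum.com", ["server2.adatum.com"],
                        "fs.adatum.com", ["adatum.com"])

if __name__ == "__main__":
    print("good:", GOOD)
    for finding in BAD:
        print("bad:", finding)
```

Leave `upn_suffixes` empty when only the Federation Service name is being checked.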
