Hotspot Question
Your network contains an Active Directory forest named contoso.com. Your company has a custom
application named ERP1. ERP1 uses an Active Directory Lightweight Directory Services (AD LDS)
server named Server1 to authenticate users. You have a member server named Server2 that runs
Windows Server 2016. You install the Active Directory Federation Services (AD FS) server role on
Server2 and create an AD FS farm. You need to configure AD FS to authenticate users from the
AD LDS server. Which cmdlets should you run? (To answer, select the appropriate options in the
answer area.)

Answer:

Explanation:
To configure your AD FS farm to authenticate users from an LDAP directory, you can complete the
following steps:
Step 1: New-AdfsLdapServerConnection. First, configure a connection to your LDAP directory
using the New-AdfsLdapServerConnection cmdlet:
$DirectoryCred = Get-Credential
$vendorDirectory = New-AdfsLdapServerConnection -HostName dirserver -Port
50000 -SslMode None -AuthenticationMethod Basic -Credential
$DirectoryCred
Step 2 (optional): Next, you can perform the optional step of mapping LDAP attributes to the existing
AD FS claims using the New-AdfsLdapAttributeToClaimMapping cmdlet.
Step 3: Add-AdfsLocalClaimsProviderTrust. Finally, you must register the LDAP store with AD FS
as a local claims provider trust using the Add-AdfsLocalClaimsProviderTrust cmdlet:
Add-AdfsLocalClaimsProviderTrust -Name “Vendors” -Identifier
“urn:vendors” -Type L
https://technet.microsoft.com/en-us/library/dn823754(v=ws.11).aspx