DRAG DROP
Your network contains an Active Directory domain named contoso.com. The domain contains a
server named Server1 that runs Windows Server 2012 R2.
You plan to install the Active Directory Federation Services server role on Server1 to allow for
Workplace Join.
You run nslookup enterprise registration and you receive the following results:
You need to create a certificate request for Server1 to support the Active Directory Federation
Services (AD FS) installation.
How should you configure the certificate request?
To answer, drag the appropriate names to the correct locations. Each name may be used once, more
than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer: 
Explanation:
Obtain a server SSL certificate from either a public certificate authority (CA) or from your
organization’s PKI subordinate CA that is trusted by a public certificate authority.
The server SSL certificate must have the following certificate attributes to be used with Workplace
Join:
– Subject Name (CN): adfs1.contoso.com
– Subject Alternative Name (DNS): adfs1.contoso.com
– Subject Alternative Name (DNS): enterpriseregistration.contoso.comWhy R2? Step-by-Step: Solve BYOD Challenges with Workplace Join in Windows Server 2012 R2 and
Windows 8.1
What’s the point in having a san with the same value as the cn? Why not use server1 or the IP address as one of the sans?
cn: adfs1
san: server1 or 192.168.0.70
san: enterpriseregistration
0
0
correction: forget ip since its not an option.
answer should be:
cn: adfs1
san: server1
san: enterpriseregistration
0
0
– Subject Name (CN): adfs1.contoso.com
– Subject Alternative Name (DNS): adfs1.contoso.com
– Subject Alternative Name (DNS): enterpriseregistration.contoso.com
Is correct because if we specify the server name as our first subject alternative name in DNS, we would then need a new cert for each and every server you add to your adfs farm, and a corresponding cname record in dns for each server.
At least that’s my understanding.
0
1
is the answer correct?
0
0
The answer is correct. Check it out:
https://technet.microsoft.com/en-au/library/dn280939.aspx
You must install a server Secure Socket Layer (SSL) certificate on the ADFS1 server in the local computer store. The certificate MUST have the following attributes:
Subject Name (CN): adfs1.contoso.com
Subject Alternative Name (DNS): adfs1.contoso.com
Subject Alternative Name (DNS): enterpriseregistration.contoso.com
0
0
adfsa.contoso.com is actually the federation service name. enterpriseregistration.domainname is required for workplace join and represents the ADFS server so u know its not dc1
answer is correct
0
0