Install the AD FS 2.0 Software

Applies To: Active Directory Federation Services (AD FS) 2.0

Active Directory Federation Services (AD FS) 2.0 software must be installed on any computer that you are preparing for the federation server role or the federation server proxy role. You can install this software by either using the AD FS 2.0 Setup Wizard or by performing a quiet installation using the adfssetup.exe /quiet parameter at a command line.

Tip

You can find additional AD FS 2.0 resource links at the AD FS 2.0 Content Map page on the Microsoft TechNet Wiki. This page is managed by members of the AD FS 2.0 Community and is monitored on a regular basis by the AD FS Product Team.

Whichever method you choose to install AD FS 2.0, the AD FS 2.0 installation process will attempt to automatically check for, and if necessary, install the following prerequisite applications and hotfixes:

  • Windows Hotfix (KB968389) - Installed only on Windows Server 2008 computers

  • Windows Hotfix (KB970430) - Installed only on Windows Server 2008 computers

  • Windows Hotfix (KB973917) - Installed only on Windows Server 2008 computers

  • Windows Hotfix (KB975955) - Installed only on Windows Server 2008 computers

  • Windows Hotfix (KB981002) - Installed only on Windows Server 2008 R2 computers

  • Windows Hotfix (KB981201) - Installed only on Windows Server 2008 computers

  • Windows Hotfix (KB981202) - Installed only on Windows Server 2008 computers

  • Windows Hotfix (KB981205) - Installed only on Windows Server 2008 computers

  • Microsoft .NET Framework 3.5 Service Pack 1 (SP1) - Installed only on Windows Server 2008 R2 computers

  • Internet Information Services (IIS) 7

  • Windows Identity Foundation (WIF)

  • Windows PowerShell

Note

You can manually apply a Windows Hotfix (post-setup) that will enable AD FS 2.0 to support STR-Transforms. Security Token Reference (STR)-Transform is a unique and interoperable way of referencing security tokens in Simple Object Access Protocol (SOAP)-based message signatures. STR-Transform is useful in situations in which tokens do not have an ID associated with them, therefore making it difficult to reference them in an interoperable way while creating a signature over them. For more information about STR-Transforms, see the WS-Security SOAP Message Security 1.1 Specification (https://go.microsoft.com/fwlink/?LinkId=188680).
The STR-Transform feature is introduced as a Windows Hotfix (KB974842) in Windows Communication Foundation (WCF) 3.5 Service Pack 1 and is required by AD FS 2.0 to use this feature. Federation servers running Windows Server 2008 or Windows Server 2008 R2 with AD FS 2.0 installed will accept messages that contain STR-Transform references without any code changes, as long as they have this hotfix for WCF installed. Without this hotfix, the federation server cannot emit a message that uses STR-Transform to reference tokens in signatures. Therefore, once you have manually installed this hotfix on the federation server computer, you must enable STR-Transform in code/config by requesting the WCF runtime to use STR-Transform for referencing tokens in message signatures. The details about how to do this are described in the KB article.

Depending on your administrative preference, select one of the following procedures to install the AD FS 2.0 software on the computer that will become the federation server or federation server proxy in your organization.

Note

After you install AD FS 2.0, you can uninstall it later by clicking View installed updates under Control Panel\Programs and Features, clicking the update named Active Directory Federation Services 2.0 (KB974408), and then clicking Uninstall.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To install the AD FS 2.0 software using the setup wizard

  1. Download the AD FS 2.0 software by saving the AdfsSetup.exe setup file onto the computer. To download this file, go to Active Directory Federation Services 2.0 RTW (https://go.microsoft.com/fwlink/?LinkId=151338).

  2. Locate the AdfsSetup.exe setup file that you downloaded to the computer, and then double-click it.

  3. On the Welcome to the AD FS 2.0 Setup Wizard page, click Next.

  4. On the End-User License Agreement page, read the license terms.

  5. If you agree to the terms, select the I accept the terms in the License Agreement check box, and then click Next.

  6. On the Server Role page, select one of the following options, depending on the role for which you will configure this computer.

    • To install AD FS 2.0 and to begin the process of configuring it for the federation server role, select Federation server, and then click Next.

    • To install AD FS 2.0 and begin the process of configuring it for the federation server proxy role, select Federation server proxy, and then click Next.

  7. On the Install Prerequisite Software page, click Next.

    After you click Next, you see the Installing AD FS 2.0 page.

Note

The installation process can take up to 20 minutes to complete, depending on how many of the prerequisites are already installed on the computer.

  8. On the Completed the AD FS 2.0 Setup Wizard page, verify that the Restart now checkbox is selected, and then click Finish to restart the computer.

To install the AD FS 2.0 software using the command-line

  1. Download the AD FS 2.0 software by saving the AdfsSetup.exe setup file onto the computer. To download this file, go to Active Directory Federation Services 2.0 RTW (https://go.microsoft.com/fwlink/?LinkId=151338).

  2. Locate the AdfsSetup.exe setup file that you downloaded to the computer, and then open a command prompt and change directories to the location of the setup file.

  3. Depending on the role for which you will configure this computer, choose one of the following options:

    • To install AD FS 2.0 and automatically configure it for the federation server role, type adfssetup.exe /quiet, and then press ENTER.

    • To install AD FS 2.0 and automatically configure it for the federation server proxy role, type adfssetup.exe /proxy /quiet, and then press ENTER.

      After you press ENTER, you will notice that the command prompt returns immediately. This is expected behavior because the process is intentionally running in the background.

      The adfssetup.exe file can be used for scripting and supports the following command-line parameters:

      Parameter: Description

      /?, /help: Displays this help message.

      /logfile: Enables logging of the setup process, and creates a log file in the destination folder.

      /quiet: Installs AD FS 2.0 quietly, without prompts for user input. This option will install only the components that are necessary for this computer to run in the federation server role unless this parameter is used simultaneously with the /proxy parameter. If necessary, the following prerequisite software will be installed if it has not already been installed: Windows PowerShell, .NET Framework 3.5, the Web Server (IIS) server role, and Windows Identity Foundation.

      /proxy: Installs only the components of the AD FS 2.0 software that are necessary for this computer to run in the federation server proxy role. If this parameter is not used, only the components that are required for the federation server role will be installed on this computer.

      /norestart: Does not force a restart of the computer to complete setup, even if a restart is required.

Important

The installation process can take up to 20 minutes to complete, depending on how many of the prerequisites are already installed on the computer. To monitor the progress of the setup process, start Task Manager, click the Processes tab, and monitor the AdfsSetup.exe process until it completes. After AdfsSetup.exe drops off the list of processes, you can start configuring the computer for the appropriate federation server or federation server proxy role using either the AD FS 2.0 Management snap-in or the AD FS 2.0 Federation Server Proxy Configuration Wizard.
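The command-line procedure above can be scripted so that the installer is checked before it runs with administrative rights and the background setup is tracked to completion. The following PowerShell script is an added example, not part of the original article or of the AD FS product. It assumes that AdfsSetup.exe is in the current directory, that it carries a Microsoft Authenticode signature, and that the KB974408 update is visible to Get-HotFix; the script parameter names are illustrative.

```powershell
# Added example (not from the original article). Run in elevated PowerShell 2.0 or later.
param(
    [string]$SetupPath = '.\AdfsSetup.exe',  # assumed download location
    [switch]$Proxy                           # install the federation server proxy role
)

# Setup requires membership in the local Administrators group.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt (local Administrators required).'
}

# Refuse to run an installer whose Authenticode signature is missing or invalid.
$SetupPath = (Resolve-Path $SetupPath).Path
$sig = Get-AuthenticodeSignature -FilePath $SetupPath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed for ${SetupPath}: $($sig.Status)"
}
# Assumption: the publisher name appears in the signer certificate subject.
if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# Parameters documented on this page. /norestart leaves the reboot to the operator
# so the verification below can run.
$setupArgs = @('/quiet', '/norestart')
if ($Proxy) { $setupArgs += '/proxy' }
Start-Process -FilePath $SetupPath -ArgumentList $setupArgs

# Setup runs in the background; poll until AdfsSetup.exe leaves the process list.
Start-Sleep -Seconds 5
while (Get-Process -Name 'AdfsSetup' -ErrorAction SilentlyContinue) {
    Start-Sleep -Seconds 15
}

# The page names the installed update as KB974408; confirm that it is present.
# Assumption: the update is visible to Get-HotFix.
if (Get-HotFix -Id 'KB974408' -ErrorAction SilentlyContinue) {
    Write-Output 'AD FS 2.0 (KB974408) is installed. Restart if required, then configure the role.'
} else {
    Write-Warning 'KB974408 not found. Setup did not complete; rerun with /logfile to capture details.'
}
```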

Additional references

Checklist: Setting Up a Federation Server

Checklist: Setting Up a Federation Server Proxy