This is Part 2 of a multi-part series on how to deploy a complete end-to-end Federated Web SSO solution using the Windows Server 2012 R2 AD FS role and the Web Application Proxy. In this part I will deploy CONTOSO's and FABRIKAM's domain controllers (AD DS), certificate services (AD CS), and DNS records. In case you missed it:
Here is Part 1 - Overview
The following topology highlights in yellow the two servers that will be built for this part and where they fit into the overall topology. If you wish to see the full topology, click here.
Deploy CONTOSO Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), DNS
The following DNS records are needed for CONTOSO to properly resolve the planned CONTOSO Federation Services and SharePoint services.
Note: In the previous figure, both records timed out for part of the query. This happens because a reverse DNS zone was not created and PTR records were not added for the forward records. If you wish to eliminate the "DNS request timed out" error, you will need to create a reverse lookup zone and add PTR records for the A records. Since PTR records are not needed for the Federation Service, I will skip the steps necessary to create the reverse zone and PTR records.
Deploy FABRIKAM Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), DNS
The following DNS records are needed for FABRIKAM to properly resolve the planned FABRIKAM Federation Services and SharePoint services.
You now have two forests, one named contoso.com and one named fabrikam.com, along with the DNS records and certificate services needed to support SharePoint 2013 and AD FS. In the upcoming posts, additional services will be deployed, including SQL, SharePoint 2013, AD FS, and the Web Application Proxy.