Before ADFS Role Installation:
1- We will be using Group Managed Service Account to manage ADFS.
Run this Powershell command on your Domain Controller to generate KDS root key
Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))
2- If you are going to have more than 1 server as ADFS server, Now it is a good time to put them in a Network Load Balancing Cluster. It is really so easy. Just follow the instructions on this article named: Configuring Network Load Balancing on Windows 2012 Server
ADFS Role Installation:
Server Manager > Add Roles >Role based or Feature based Installation> Active Directory Federation Services
No additional Features are needed. Click and complete the rest of this wizard.
On Server Manager, you will notice an exclamation mark for post-deployment configuration requirement. Click Configure the federation service on this server.
This will be the first server in the adfs farm.
The selected user here must be a domain admin user.
Select your certificate from the SSL Certificate drop-down box. Federation Service Name will be populated automatically depending on your SSL certificate.
Select Create a Group managed Service Account and enter any name you want for the service account. (This user does not exist on the DC at the moment, we are creating it with this wizard)
I will use a separate SQL server
Important: Make sure group service account you created previously is a local administrator on the ADFS servers.
Adding Addtional ADFS Servers To ADFS Farm:
Because Adding Additional servers to ADFS Farm is fairly simple task, I will not add any screenshots here.
1- First, import the certificate that we exported earlier from the first ADFS.
2- Then Install the ADFS Role.
3- When you are configuring, select the option “Add a federation server to a federation server farm” and specify the database server , select the SSL certificate , select the group managed service account and then complete the wizard.
4- Don’t forget to add gsaadfs account as the local administrator to the server
That's it for the first and second ADFS servers. I will install the Web Proxy Server in Part3.
DNS Record Creation and Testing the Web Site:
My ADFS address is adfs.mydomain.local but DNS does not have such a entry at the moment. Go to you DNS server and add a Host Record for your adfs server or servers. If you are running 2 or more ADFS servers like I do, you should put them in a cluster (I added my servers in a Network Load Balancing Cluster). So, ADFS Servers will have a shared cluster IP address (10.50.141.62 in my lab) and we can add that cluster IP address and adfs.yourdomain.local to your DNS.
https://ADFSServerFQDN/adfs/ls/idpinitiatedSignOn.aspx is the URL for ADFS.