2 dages virtuelt kursus

Virtual Masterclass: Managing Active Directory Federation Services for Multiple Organizations

Står du over for at skulle implementere Active Directory Federation Services på tværs af virksomheder, så er dette kursus perfekt til dig. Du lærer, hvordan du installerer og konfigurerer ADFS på tværs af virksomhederne og tager hensyn til forskellige rettigheder. Du skal have gennemført kurset ADF for at kunne deltage på dette kursus. Undervisningen foregår på engelsk.

Form virtual delivery

Before you participate on a virtual course, we always try to arrange a 15-20 minute test session with the participants a week before to make sure that everyone is capable to attend the Masterclass. Below you will find the technical requirements for connecting to the virtual training:

  • A computer with a stable internet connection (preferably Windows or Mac OS)
  • Permissions for outgoing RDP connections to external servers (to our lab environment) – port 3389
  • A headset (headphones + microphone)
  • Webcam (built-in or plug-in)
  • Additional monitor will be helpful but it’s not required

Multi organization ADFS is a perfect course if you need to implement ADFS across different organizations!

Federated Identity is the most discussed topic in terms of organization cooperation right now, and with this course you will get all the knowledge you will need when you are planning to host services that will connect users across different organizations.

As an add-on course, we will extend previous labs with multi organizations trust, discover problems arising from connecting remote parties and find an automated way to make sure that everything is working smoothly. Using ADFS 3.0 on Windows 2016, we will connect parties using various active directory topologies and versions, to simulate all the problems that you will be facing in real world deployment. As a CQURE course, we will focus on security of ADFS, and show a way to solve common access problems – from hacking the user identity, to solving permission problems.

A good enterprise implementation is not complete if we do not think about backup and scripting – so after implementing business partner connectivity, we will focus on scripting the implementation, which will not only allow us to quickly backup and restore our servers, but also allow us to prepare automatic configuration scripts for remote party.

The last part of this course is focused on large ADFS implementations, where load-balancing client traffic is a must. You will not only learn how to load balance ADFS farm, but also get to known Microsoft load balancer included in IIS.

Participant Profile

This course is intended for IT professionals such as Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security, who would like to implement and administer Active Directory Federation Services across the organizations.


Participants should have participated in ADF and have good hands-on experience in administering Windows infrastructure.

At the end of the course you will be able to:

  • Deploy AD Federation Services to provide claims-aware authentication for multiple organizations.
  • Implement AD Federation Services high availability and load balancing.
  • Implement Claims filtering and processing, to secure multi-organization enabled application.
  • Script and backup ADFS environment.
  • Automate business partner setup procedure for ADFS.
  • Configure Active Directory for ADFS.


Module 1
  • Working with external parties
  • LAB – Installing ADFS in Forest/Domain trust environment
  • LAB (Optional) – Install adfs in 2003 domain-level environment
  • LAB: Testing simple web application
  • LAB: Testing thick application
Module 2
  • Home Realm Discovery
  • LAB: Hacking ADFS Claims
  • LAB: Authorizing users
  • Working with groups
  • LAB: Adding additional claims
  • LAB: Multiple roles and claims
  • CpT and rules
  • LAB: Per-CpT Rules
  • LAB: MFA and CpT
Module 3
  • Scripting ADFS
  • LAB: Backup ADFS Config
  • LAB: Export RP and CpT
  • LAB: Unattended Installation
Module 4
  • Working with clients
  • LAB: Creating automatic client configuration scripts
  • Working with IE Security Zones
  • LAB: Creating GPO for IE zones
  • LAB: Creating automated Claim Provided Trust configuration for clients
Module 5
  • Load Balancing ADFS
  • Setting up ADFS Farm
  • LAB: Using IIS ARR to load-balance ADFS
  • LAB(Optional): Clustering IIS ARR


Exercises, presentations slides with notes.

CPE Point (Continuing professional education)

It will be possible to earn CPE points after completion this course.


Mike Jankowski-Lorek is a solution architect, developer, data scientist and security expert with more than 12-years’ experience in the field. He designs and implements solutions for Databases, Network & Management area, mainly for Microsoft platform for medium to enterprise level organizations. Mike holds multiple certifications, especially security, database and software development related. He is one of core Experts at CQURE and holds a PhD in Computer Science.

Har du faglige spørgsmål, så kontakt:
Andre kigger også på