How to deploy Office 365 AD FS SSO

Published: 2020-08-10 18:49:16  Source: Internet  Views: 1222  Author: ganzy  Category: Site-building servers

1. First, sign in to Office 365: https://login.partner.microsoftonline.cn/

Add the domain: nos.hk.cn


Add the TXT record in the domain's DNS settings:


Skip the step for adding users for now.


Add the records listed above in the domain's DNS settings:

Of these, the login and owa records are recommended because they make sign-in more convenient.

Then return to Office 365 and verify:


The domain is shown as added successfully!

Next, set up AD synchronization:


Next, prepare for single sign-on.

Environment:

AD DC     Windows Server 2008 R2    DC08.nos.hk.cn

AD FS     Windows Server 2012 R2    FS.nos.hk.cn

WebProxy  Windows Server 2012 R2    WAP  (cannot be domain-joined; placed in the DMZ)

 

2. Prerequisites: https://docs.microsoft.com/zh-cn/azure/active-directory/connect/active-directory-aadconnect-prerequisites

1) Azure AD Connect: https://www.microsoft.com/en-us/download/details.aspx?id=47594


 

Install AzureADConnect.msi on DC08. The Azure AD Connect server must have .NET Framework 4.5.1 or later and Microsoft PowerShell 3.0 or later installed.

Install PowerShell 3.0 and .NET 4.5.1: Azure AD Connect depends on Microsoft PowerShell and .NET Framework 4.5.1.

https://www.microsoft.com/zh-cn/download/details.aspx?id=40855

Windows6.1-KB2819745-x64-MultiPkg:https://download.microsoft.com/download/3/D/6/3D61D262-8549-4769-A660-230B67E15B25/Windows6.1-KB2819745-x64-MultiPkg.msu


Microsoft .NET Framework 4.5.1 (Offline Installer): https://download.microsoft.com/download/1/6/7/167F0D79-9317-48AE-AEDB-17120579F8E2/NDP451-KB2858728-x86-x64-AllOS-ENU.exe

 

2) Enable TLS 1.2 for Azure AD Connect:

  1. If you are using Windows Server 2008 R2, make sure TLS 1.2 is enabled. On Windows Server 2012 and later, TLS 1.2 should already be enabled.

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
     "DisabledByDefault"=dword:00000000
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
     "DisabledByDefault"=dword:00000000
     "Enabled"=dword:00000001
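The registry values above can be audited and, where missing, set from PowerShell. This is an added example, not part of the original post; the function names Get-Tls12State and Enable-Tls12 are hypothetical, and it assumes an elevated PowerShell 3.0+ session.

```powershell
# Added example: audit (and, if needed, set) the TLS 1.2 SCHANNEL values listed above.
# Function names are hypothetical; run from an elevated PowerShell 3.0+ session.
$TlsBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
$Wanted  = @{ DisabledByDefault = 0; Enabled = 1 }

function Get-Tls12State {
    foreach ($role in 'Client', 'Server') {
        $key   = Join-Path $TlsBase $role
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $Wanted.Keys) {
            # A missing key or value means the OS default applies (off on 2008 R2).
            $actual = if ($props -and $null -ne $props.$name) { $props.$name } else { $null }
            [pscustomobject]@{
                Role     = $role
                Name     = $name
                Actual   = $actual
                Expected = $Wanted[$name]
                Ok       = ($actual -eq $Wanted[$name])
            }
        }
    }
}

function Enable-Tls12 {
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $TlsBase $role
        # -Force also creates the parent "TLS 1.2" key when it does not exist yet.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $Wanted.Keys) {
            New-ItemProperty -Path $key -Name $name -Value $Wanted[$name] `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

$before = Get-Tls12State
$before | Format-Table -AutoSize
if ($before | Where-Object { -not $_.Ok }) {
    Enable-Tls12      # SCHANNEL picks the values up after a restart
    Get-Tls12State | Format-Table -AutoSize
}
```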

 


An error occurred.

  • If the target server is domain-joined, make sure Windows Remote Management is enabled.

  • In an elevated PowerShell window, run Enable-PSRemoting -Force

  • If the target server is a WAP machine that is not domain-joined, some additional requirements apply.

  • On the target machine (the WAP machine):

    Make sure the winrm (Windows Remote Management / WS-Management) service is running, using the Services snap-in.

  • In an elevated PowerShell window, run Enable-PSRemoting -Force

    On the machine running the wizard (if the target machine is not domain-joined or is in an untrusted domain):

  • In an elevated PowerShell window, run:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value <DMZServerFQDN> -Force -Concatenate

On the AD FS server, run: Enable-PSRemoting -Force

On the WAP server, run: Enable-PSRemoting -Force

On DC08, run:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value WAP -Force -Concatenate
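Hosts listed in TrustedHosts are contacted without the mutual authentication that Kerberos gives inside the domain, so the list should hold only the entries you added on purpose. The following review of that list is an added example, not part of the original post; Test-TrustedHosts and its allow-list parameter are hypothetical names, and the sample values are constructed.

```powershell
# Added example: review the WinRM client TrustedHosts list that the step above extends.
# Test-TrustedHosts and its -Allowed parameter are hypothetical names.
function Test-TrustedHosts {
    param(
        [string]   $Value,            # raw comma-separated TrustedHosts string
        [string[]] $Allowed = @()     # hosts that were added deliberately
    )
    $entries = @($Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    foreach ($e in $entries) {
        $finding = if ($e.Contains('*')) {
            'wildcard: also matches hosts nobody reviewed'
        } elseif ($Allowed -notcontains $e) {
            'not on the allow-list'
        } else {
            $null
        }
        [pscustomobject]@{ Entry = $e; Ok = (-not $finding); Finding = $finding }
    }
}

# Constructed sample values (the second list is deliberately too broad):
Test-TrustedHosts -Value 'WAP' -Allowed 'WAP' | Format-Table -AutoSize
Test-TrustedHosts -Value 'WAP,*.nos.hk.cn,10.0.0.5' -Allowed 'WAP' | Format-Table -AutoSize

# Live check on the machine that runs the wizard (DC08 in the article):
$live = (Get-Item WSMan:\localhost\Client\TrustedHosts).Value
Test-TrustedHosts -Value $live -Allowed 'WAP' | Format-Table -AutoSize

# When remote sessions to the WAP server are no longer needed, the list can be
# emptied again (this removes every entry, not only WAP):
# Clear-Item WSMan:\localhost\Client\TrustedHosts -Force
```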


The WAP server cannot resolve adfs.nos.hk.cn.

On the DC's DNS server, add two records, adfs and wap,

and add the entry to the hosts file on the WAP server.

Adding the WAP server again then succeeds:


An error occurred:

On the AD FS server, open AD FS Management.

Add: urn:federation:MicrosoftOnline

Then go back and retry.

Then another error occurred:


 

Install WAP manually on the WAP server:


The certificate has to be imported first:


Back in the wizard, the certificate can now be selected:


Published successfully!

Then return to the Azure AD Connect configuration and click Retry.

Configuration is complete. Next:

Add an A record in the external DNS.

Configure port mapping on the firewall:

Map port 443 on the external IP to port 443 on the WAP server in the DMZ.

Next, verify that AD FS is working.

To verify that a federation server is operational

  1. Open a browser window and in the address bar, type the federation server name, and then append it with federationmetadata/2007-06/federationmetadata.xml to browse to the federation service metadata endpoint. For example, https://fs.contoso.com/federationmetadata/2007-06/federationmetadata.xml.

    If in your browser window you can see the federation server metadata without any SSL errors or warnings, your federation server is operational.

  2. You can also browse to the AD FS sign-in page (your federation service name appended with adfs/ls/idpinitiatedsignon.htm, for example, https://fs.contoso.com/adfs/ls/idpinitiatedsignon.htm). This displays the AD FS sign-in page where you can sign in with domain administrator credentials.

 

1. In IE, browse to: https://adfs.nos.hk.cn/federationmetadata/2007-06/federationmetadata.xml

2. Browse to: https://adfs.nos.hk.cn/adfs/ls/idpinitiatedsignon.htm

This shows that AD FS is configured successfully.
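Beyond viewing the metadata in a browser, its contents can be checked: every published SAML endpoint should use HTTPS and sit on the federation service host. This is an added example, not part of the original post; Test-FederationMetadata is a hypothetical helper, and the sample metadata is constructed and trimmed.

```powershell
# Added example: check that every SAML endpoint published in AD FS federation
# metadata is HTTPS and on the expected federation service host.
# Test-FederationMetadata is a hypothetical helper name.
function Test-FederationMetadata {
    param([xml] $Metadata, [string] $ExpectedHost)

    # Elements carrying a Location attribute are the published SAML endpoints.
    $rows = foreach ($node in $Metadata.SelectNodes('//*[@Location]')) {
        $uri = [uri] $node.GetAttribute('Location')
        [pscustomobject]@{
            Endpoint = $node.LocalName
            Location = $uri.OriginalString
            Ok       = ($uri.IsAbsoluteUri -and $uri.Scheme -eq 'https' -and
                        $uri.Host -eq $ExpectedHost)
        }
    }
    [pscustomobject]@{
        EntityId     = $Metadata.DocumentElement.GetAttribute('entityID')
        Endpoints    = @($rows).Count
        BadEndpoints = @($rows | Where-Object { -not $_.Ok })
    }
}

# Constructed sample metadata (trimmed, no certificates); the second endpoint is
# deliberately wrong: plain HTTP and a different host name.
$sample = @'
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs.nos.hk.cn/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://adfs.nos.hk.cn/adfs/ls/" />
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="http://fs.nos.hk.cn/adfs/ls/" />
  </IDPSSODescriptor>
</EntityDescriptor>
'@

$result = Test-FederationMetadata -Metadata $sample -ExpectedHost 'adfs.nos.hk.cn'
$result | Format-List EntityId, Endpoints
$result.BadEndpoints | Format-Table -AutoSize

# Live check against the service from the article (a TLS error throws here):
# $url = 'https://adfs.nos.hk.cn/federationmetadata/2007-06/federationmetadata.xml'
# $xml = (New-Object System.Net.WebClient).DownloadString($url)
# Test-FederationMetadata -Metadata $xml -ExpectedHost 'adfs.nos.hk.cn'
```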

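Next, configure SSO for domain-joined clients.

Set the IE Trusted sites zone through Group Policy:

1. Under Computer Configuration - Administrative Templates - Windows Components - Internet Control Panel, there is a Site to Zone Assignment List setting: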


 

Make sure https://adfs.nos.hk.cn is added to the Trusted sites zone.

Make sure "Enable Integrated Windows Authentication" is checked in IE's Advanced settings.

Then open owa.nos.hk.cn in IE to sign in to OWA:

The browser is redirected automatically to adfs.nos.hk.cn.

Enter the domain account and password to sign in with, and check "Remember my credentials":


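From then on, sign-in happens automatically without entering the account and password again!

Summary: the main points to note when setting up SSO between Office 365 and AD FS are:

1. You need a publicly trusted certificate. This lab used a free Symantec certificate, which supports only one domain name (the StartSSL certificate used previously no longer works).

2. Use the latest Azure AD Connect, 1.1.524.0, released 2017/5/17. It is best to install the AD FS and WebProxy servers first; otherwise the two errors seen in this lab will occur.

3. Before setting up AD FS, it is best to set up password synchronization first.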
