Add an Attribute Store

User accounts and computer accounts that require access to a resource that is protected by Active Directory Federation Services (AD FS) are stored in an attribute store, such as Active Directory Domain Services (AD DS). The claims issuance engine uses attribute stores to gather data that is necessary to issue claims. Data from the attribute stores is then projected as claims.

You can use the following procedure to add an attribute store to the Federation Service.

Membership in Administrators, or equivalent, on the local computer is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups.

To add an attribute store

  1. Open AD FS Management.

  2. Under Actions click Add an attribute store.

Screenshot that highlights the Add Attribute Store action.

  1. In the Add an attribute store dialog box, configure the following properties for the attribute store that you want to add:

    • In Display name, type the name that you want to use to identify the attribute store.

    • In Attribute store type, select a supported attribute store type, either Active Directory, LDAP, or SQL.

    • In Connection string, if you have selected either a Lightweight Directory Access Protocol (LDAP) store or a Structured Query Language (SQL) store, enter the string that you used to establish a connection to the attribute store. For Active Directory attribute stores, no connection string is necessary; therefore, this field is disabled.

      Note

      AD FS automatically creates an Active Directory attribute store, by default.

add attribute store

  1. Click OK.

Additional references

AD FS Operations

The Role of Attribute Stores