Best Practices
The following are best practices from this chapter:
• Use FIM or another metadirectory management tool to keep disparate directories synchronized.
• Use AD LDS for applications that require custom schema changes, and keep the information in those AD LDS instances synchronized to a central AD DS farm with the use of FIM.
• Use AD FS 2.0 to provide for Single Sign-On to claims-aware applications on the Internet, such as those that use SAML 2.0 tokens.
• Use AD FS for Single Sign-On support across multiple platforms.
• Consider using FIM for automatic provisioning/deprovisioning of user accounts across multiple directories. By establishing a firm policy on deprovisioning accounts that are no longer active, greater overall security ...