When you add more than one account store to your Active Directory Federation Services (AD FS) configuration, account-store priority determines the order in which AD FS uses account stores. AD FS attempts to authenticate users beginning with the first account store. Only when authentication fails for a user does AD FS attempt to authenticate the user with the next account store in the priority list. AD FS tries to authenticate a user until the user is successfully authenticated or until all account stores have been tried. AD FS stops trying additional account stores as soon as one account store successfully authenticates a user.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at
You can use the following procedure to configure the account store priority.
To configure the account store priority |
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
In the console tree, double-click Federation Service, Trust Policy, and My Organization.
Right-click Account Stores, and then click Store Priority.
In the Account Store Prioritization dialog box, select an account store, use the Up and Down buttons to move the account store in the priority list, and then click OK.