I'm trying to configure the ADFS role on a new 2012 R2 domain controller following these steps:
http://technet.microsoft.com/en-us/library/dn303424.aspx
However, if I try to create a new service account using the GUI, I get the following error:
The specified service account 'CN=adfstest' did not exist. Attempt to create the group Managed Service Account failed. Error: There is no such object on the server.
I added the KDS root key yesterday.
If I add the service account manually:
New-ADServiceAccount adfstest -DNSHostName fs.contoso.ie -ServicePrincipalNames http/fs.contoso.ie -Path "OU=Managed Service Accounts,DC=contoso,DC=ie"
This works fine, but when configuring the ADFS farm with this service account, I get a similar error:
PS C:\Windows\system32> Install-AdfsFarm -CertificateThumbprint xxxxxxxxxxxxxxx -FederationServiceName fs.contoso.ie -GroupServiceAccountIdentifier contoso\adfstest$ | fl
Install-AdfsFarm : The system cannot find the file specified
At line:1 char:1
+ Install-AdfsFarm -CertificateThumbprint xxxxxxxxxxxxxxxxxxxxxxxxxx...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Install-AdfsFarm], DisplayableArgumentException
    + FullyQualifiedErrorId : DeploymentTask,Microsoft.IdentityServer.Deployment.Commands.InstallFarmCommand

Message : Unable to retrieve group Managed Service Account information. The system cannot find the file specified
Context : DeploymentTask
Status  : Error
What am I missing?