I recently was settting up a new Microsoft SharePoint 2010 machine and had promoted the machine to a domain controller before creating my SharePoint admin accounts. I needed to add several of my accounts to the local Administrators group. Unfortunately after you promote a server to a domain controller you can no longer access the GUI for Local Users and Groups. Instead I had to use the command line to add the users.
Open a command promt using the "Run as administrator" function and then run the following command.
net localgroup Administrators /add {domain}\{user}
After installing ADFS 2.0 for SharePoint a Windows login prompt was shown when the SharePoint site forwarded to the ADFS server instead of the ADFS Forms Authentication login screen.
No matter what account I tried to use here I would eventually receive a 401 Not Auhorized error.
The reason for this is that the ADFS website tries to use Windows Authentication before trying to use the Forms authentication which displays the loging page below.
To fix this do the following on the ADFS server: 1. Open IIS and Explore under Default Website\adfs\ls
2. Open the web.config file with Notepad, look for the localAuthenticationTypes section.
3. Move the line for Forms above the line for Integrated and save the web.config file. This will force the ADFS application to use the Login Page authentication before trying to use Windows Authentication.
Comments