Sometimes, mostly in very large organizations or in situations where business partners need to communicate, developers are faced with the problem of authenticating users across two Active Directory domains that do not have an explicit trust set up between them, WITHOUT having to replicate user/password databases. This is where Active Directory Federation Services (ADFS) comes into play.

As defined in the article:
Active Directory® Federation Services (ADFS) was introduced in Windows Server® 2003 for organizations that need to participate in standards-based identity federation. With ADFS, you can more easily validate identity data from other organizations, leading to greater interoperability...
The article outlines how ADFS works in an enterprise environment through an example of two organizations/partners that want access to resources/applications in each other's domain without having to replicate users. It covers, at a high level:
- Using ADFS for SSO in a Single Organization
- Registration, Authentication, and Authorization
- Create the ADAM Account Store
- Configure the ADFS Server
- Configure the IIS Server and Applications
- Importing Certificates
- Add a Resource Partner
- Add an Account Partner
- Set Up a New User
- Set Up a New Resource
- Query for Granted Permissions
- Expanding Trust to Tailspin Toys
- Looking Forward—Windows Live ID Integration
Here's the link to the MSDN Magazine article: Click here
~ Robert Shelton