Disclaimer:
- This article is LONG. What you're about to do is complicated.
- Read the stuff between the screenshots. It's mostly commented screenshots, really.
- Works for me ™. If it does not work for you, drop me an email or add a comment down below. I'll answer within minutes, usually.
- I can't be blamed.
- I can't be sued.
- Use your brain. Try not to lose it, though.
- I was lazy when I wrote this, so you have GERMAN screenshots and ENGLISH text. Come on, you can do it. Usually I do it the other way around all day, trying to translate Microsoft-English to sane German. You can figure stuff out by looking at the screenshots, I guess. Just think Weißwurst and Sauerkraut.
This walkthrough is provided as a complete lab. That means I'll be installing Windows, Linux, an AD, a webserver and all of that stuff. If you already have that infrastructure in place (or bits & pieces of it), just skip the corresponding parts.
Here's the table of contents:
- 1. Install Windows
- 2. Set up Active Directory
- 3. Install Linux
- 4. Install Apache + MariaDB
- 5. Install Nextcloud
- 6. Install the Nextcloud SAML / SSO Plugin
- 7. DoNutS & SSaLt
- 8. Install AD FS
- 9. Configure AD FS
- 10. Configure Nextcloud for AD FS Authentication
Step 1: Install Windows
Duh, obviously. I use Windows Server 2016. You might use a different version at your own risk, or you already have it in place, whatever.

Step 2: Set up Active Directory
So you need at least one domain controller running, obviously. Just for this example lab, I'll set one up named dc01.testdomain.local.
Head over to the Server Manager, add the "Active Directory Domain Services" role, install it and configure your domain, then reboot. You should have a working Active Directory with one domain now. Just for reference I added some screenshots here, in case this REALLY is your first time setting up a domain. Good luck, in that case… 🙂
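
If you'd rather script Step 2 than click through Server Manager, here is a PowerShell equivalent, added as an example and not part of the original walkthrough. It assumes the server is already named dc01 and that the NetBIOS name is TESTDOMAIN (the article does not give one). Run it once with `-Phase Promote`, then again with `-Phase Verify` after the reboot.

```powershell
# Added example (not from the original article): scripted equivalent of Step 2.
# Run in an elevated PowerShell session on the Windows Server 2016 machine.
param(
    [ValidateSet('Promote', 'Verify')]
    [string]$Phase = 'Promote'
)

$DomainName  = 'testdomain.local'   # lab domain from the article
$NetbiosName = 'TESTDOMAIN'         # assumption: NetBIOS name is not given in the article

if ($Phase -eq 'Promote') {
    # Add the "Active Directory Domain Services" role plus the management tools.
    $feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    if (-not $feature.Success) { throw 'AD DS role installation failed.' }

    Import-Module ADDSDeployment

    # Prompt for the DSRM password instead of hard-coding it in the script.
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM (safe mode) password'

    # Run the prerequisite checks first and stop on any failed check.
    $checks = Test-ADDSForestInstallation -DomainName $DomainName `
        -DomainNetbiosName $NetbiosName -InstallDns `
        -SafeModeAdministratorPassword $dsrm
    $failed = $checks | Where-Object { $_.Status -eq 'Error' }
    if ($failed) { $failed | Format-List Message; throw 'Prerequisite check failed.' }

    # Create the new forest; the server reboots automatically when done.
    Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
        -InstallDns -SafeModeAdministratorPassword $dsrm -Force
}
else {
    # After the reboot: confirm the directory services run and the domain answers.
    Get-Service -Name NTDS, DNS, Netlogon, Kdc | Format-Table Name, Status
    Get-ADDomain -Identity $DomainName | Format-List DNSRoot, NetBIOSName, PDCEmulator
    Get-ADDomainController -Filter * | Format-Table HostName, IsGlobalCatalog
}
```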