Managing ADFS with PowerShell


Some of the items within ADFS can be managed via PowerShell, these include;

  • Add trust partners
  • Add SAML 2.0 federation trust partners
  • Manage trust partner settings
  • Configure claim types and ADFS 2.0 server policy
  • Manage policy using more complex sets of stored rules
  • Monitor partner metadata

For introductory information regarding Windows PowerShell please refer to the following link – Scripting with Windows PowerShell

The ADFS PowerShell snap-in is automatically installed when the ADFS Server role is installed on a Server 2008/201server. You can confirm the cmdlets are ready for use by entering the following command in the PowerShell prompt;

Add-PSSnapin Microsoft.AD FS.PowerShell

Once this has been ran, you will see the following as part of the output of the get-PSSnapin command:

Name        : Microsoft.AD FS.PowerShell

PSVersion: 1.0

Description: This PowerShell snap-in contains cmdlets used to manage Microsoft Identity Server resources.

To view a list of all the AD FS 2.0 cmdlets, run the following command in the PowerShell:

Get-Command *-AD FS*

 You can obtain syntax help for individual cmdlets by using Get-Help followed by the name of the cmdlet, as follows;

Get-Help Set-AD FSProperties

Similar to other PowerShell snap-ins, the AD FS cmdlets adhere to a predictable <Verb>-<Noun> syntax. So when managing an AD FS Relaying Party trust, you can use cmdlets such as;

  • Add-AD FSRelyingPartyTrust
  • Remove-ADFSRelyingPartyTrust
  • Set-AD FSRelyingPartyTrust
  • Enable-AD FSRelyingPartyTrust
  • Disable-AD FSRelyingPartyTrust
  • Update-AD FSRelyingPartyTrust

As is the case with other PowerShell snap-ins, you can autocomplete longer cmdlet names using the TAB key.

While the most comprehensive list of available cmdlets can be found using the Get-Command *-AD FS* syntax described as above, the following is a list of the AD FS properties and configuration items that can be managed using PowerShell;

  • AD FSClaimsProviderTrust
  • AD FSAttributeStore
  • AD FSClaimDescription
  • AD FSEndpoint
  • AD FSCertificate
  • AD FSProxyProperties
  • AD FSClaimRuleSet
  • AD FSSAMLEndpoint
  • AD FSContactPerson
  • AD FSOrganization
  • AD FSCertSharingContainer
  • AD FSSyncProperties

 

About Stephen Pothecary
IT Professional and Cloud Evangelist! IT Manager at Comms Group UK Ltd - Managed Services | Solutions | Procurement | Support Services | Cloud | Fujitsu!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: