Install-AdfsFarm is accessible with the help of adfs module. To install adfs on your system please refer to this adfs.
Synopsis
Creates the first node of a new federation server farm.
Description
The Install-AdfsFarm cmdlet creates the first node of a new federation server farm.
Parameters
-AdminConfiguration
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-CertificateThumbprint <String>
Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Credential <PSCredential>
Specfies a PSCredential object.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-DecryptionCertificateThumbprint <String>
Specifies the value of the certificate thumbprint of the certificate that should be used for token decryption. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token signing certificate must also be specified using the SigningCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-FederationServiceDisplayName <String>
Specifies a display name.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-FederationServiceName <String>
Specifies a Federation Service name.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-GroupServiceAccountIdentifier <String>
Specifies the firstref_adds Group Managed Service Account under which the Active Directory Federation Services (AD FS) service runs.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-OverwriteConfiguration <SwitchParameter>
Overwrites an existing AD FS configuration database with a new database.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-ServiceAccountCredential <PSCredential>
Specifies the Active Directory account under which the AD FS service runs.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-SigningCertificateThumbprint <String>
Specifies the value of the certificate thumbprint of the certificate that should be used for token signing. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token decryption certificate must also be specified using the DecryptionCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-SQLConnectionString <String>
Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FS installer uses the Windows Internal Database to store configuration settings.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-SSLPort <Int32>
Specifies an SSL port.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-TlsClientPort <Int32>
Specfies a TLS client port.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Confirm <SwitchParameter>
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf <SwitchParameter>
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
Syntax
Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -FederationServiceName <String> [-FederationServiceDisplayName <String>] -ServiceAccountCredential <PSCredential> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -DecryptionCertificateThumbprint <String> -FederationServiceName <String> [-FederationServiceDisplayName <String>] -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -DecryptionCertificateThumbprint <String> -FederationServiceName <String> [-FederationServiceDisplayName <String>] -GroupServiceAccountIdentifier <String> -SigningCertificateThumbprint <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -DecryptionCertificateThumbprint <String> -FederationServiceName <String> [-FederationServiceDisplayName <String>] -GroupServiceAccountIdentifier <String> -SigningCertificateThumbprint <String> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -DecryptionCertificateThumbprint <String> -FederationServiceName <String> [-FederationServiceDisplayName <String>] -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -FederationServiceName <String> [-FederationServiceDisplayName <String>] -ServiceAccountCredential <PSCredential> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -FederationServiceName <String> [-FederationServiceDisplayName <String>] -GroupServiceAccountIdentifier <String> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -FederationServiceName <String> [-FederationServiceDisplayName <String>] -GroupServiceAccountIdentifier <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]
————————Example 1————————
Create the first node in a federation server farm using WID on the local server
PS C:> $fscredential = Get-Credential
PS C:> Install-AdfsFarm -CertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -FederationServiceName fs.Delhi.TOSSolution.com -ServiceAccountCredential $fscredential
Creates the first node in a federation server farm that uses the Windows Internal Database (WID) on the local server computer.
In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.
To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.
————————Example 2————————
Create the first node in a federation server farm using a group Managed Services Account
PS C:> Install-AdfsFarm -CertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -FederationServiceName fs.Delhi.TOSSolution.com -GroupServiceAccountIdentifier TOSSolution\GroupAccount01
This example creates the first node in a federation server farm that uses a group Managed Service Account as the service account. In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates. To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.
Lists thumbprint values of currently installed certificates.
————————Example 3————————
Create the first node in a federation server farm that uses SQL Server on a remote computer
PS C:> $fscredential = Get-Credential
PS C:> Install-AdfsFarm -CertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -FederationServiceName fs.Delhi.TOSSolution.com -ServiceAccountCredential $fscredential -SQLConnectionString “Data Source=SQLHost;Integrated Security=True”
Creates the first node in a federation server farm that uses a Microsoft SQL Server database on a remote computer named SQLHost.
In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.
To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.
————————Example 4————————
Overwrite an AD FS configuration and create the first node in a federation server farm
PS C:> $fscredential = Get-Credential
PS C:> Install-AdfsFarm -CertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -FederationServiceName fs.Delhi.TOSSolution.com -ServiceAccountCredential $fscredential -SQLConnectionString “Data Source=SQLHost;Integrated Security=True” -OverwriteConfiguration -SigningCertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -DecryptionCertificateThumbprint e3de5064c521d625c8d53536bc98aa9cd28e1ead
Overwrites an existing AD FS configuration database and creates the first node in a federation server farm that uses a Microsoft SQL server database on a remote computer named SQLHost.
In this example, certificate thumbprint values are specified for the token signing certificate and for the token encryption certificate using the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters respectively.
————————Example 5———————–
Install AD FS without DA permission
PS C:>Install-AdfsFarm -CertificateThumbprint -FederationServiceName “fs.TOSSolution.com” ServiceAccountCredential $svcCred -Credential $localAdminCred [-OverwriteConfiguration] -AdminConfiguration $adminConfig
In this example, the CertificateThumbprint parameter specifies the thumbprint of the SSL certificate in the local machine My store that is used for AD FS and the Web Application Proxy.
The FederationServiceName parameter specifies the DNS name of the federation service.
The ServiceAccountCredential parameter specifies the credentials of the login account for AD FS.
The Credential parameter specifies the credentials for the local administrator (a non-domain administrator) account used install AD FS.
The AdminConfiguration parameter specifies the object returned from the CreateNonDADkmContainer.ps1 script. For example, PS C:>.\CreateNonDADkmContainer -AcctToAclDkmContainer “TOSSolution\FsSvcAcct”. The object represents the location and name of the DKM container created by the script.
————————Example 6———————–
Install AD FS without DA permission using gMSA as an AD FS account
PS C:>Set-ADServiceAccount -Identity fsgmsaacct -PrincipalsAllowedToDelegateToAccount “”
PS C:>Install-AdfsFarm -CertificateThumbprint -FederationServiceName “fs.TOSSolution.com” -Credential $localAdminCred -GroupServiceAccountIdentifier “TOSSolution\gmsaacct$” [-OverwriteConfiguration] -AdminConfiguration $adminConfig
In the first command, the PrincipalsAllowedToDelegateToAccount parameter specifies the name of the non-domain administrator account used to install AD FS.
In the second command, the CertificateThumbprint parameter specifies the thumbprint of the SSL certificate in the local machine My store that is used for AD FS and the Web Application Proxy.
The FederationServiceName parameter specifies the DNS name of the federation service.
The Credential parameter specifies the credentials for the local administrator (a non-domain administrator) account used install AD FS.
The GroupServiceAccountIdentifier parameter specifies the name of the gMSA logon account for AD FS. The identifier must be terminated by a dollar sign ($).
The AdminConfiguration parameter specifies the object returned from the CreateNonDADkmContainer.ps1 script, which represents the location and name of the DKM container created by the script.
You can check the Version, CommandType and Source of this cmdlet by giving below command.
Get-Command Install-AdfsFarm