
Install-AdfsFarm


Install-AdfsFarm is available through the ADFS module, which must be installed on the system first.

Synopsis

Creates the first node of a new federation server farm.

Description

The Install-AdfsFarm cmdlet creates the first node of a new federation server farm.

Parameters

-AdminConfiguration

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-CertificateThumbprint <String>
    Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Credential <PSCredential>
    Specifies a PSCredential object.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-DecryptionCertificateThumbprint <String>
    Specifies the value of the certificate thumbprint of the certificate that should be used for token decryption. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token signing certificate must also be specified using the SigningCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-FederationServiceDisplayName <String>
    Specifies a display name.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-FederationServiceName <String>
    Specifies a Federation Service name.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-GroupServiceAccountIdentifier <String>
    Specifies the Group Managed Service Account under which the Active Directory Federation Services (AD FS) service runs.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-OverwriteConfiguration <SwitchParameter>
    Overwrites an existing AD FS configuration database with a new database.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-ServiceAccountCredential <PSCredential>
    Specifies the Active Directory account under which the AD FS service runs.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-SigningCertificateThumbprint <String>
    Specifies the value of the certificate thumbprint of the certificate that should be used for token signing. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token decryption certificate must also be specified using the DecryptionCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-SQLConnectionString <String>
    Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FS installer uses the Windows Internal Database to store configuration settings.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-SSLPort <Int32>
    Specifies an SSL port.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-TlsClientPort <Int32>
    Specifies a TLS client port.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Confirm <SwitchParameter>
    Prompts you for confirmation before running the cmdlet.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

-WhatIf <SwitchParameter>
    Shows what would happen if the cmdlet runs. The cmdlet is not run.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

Syntax

Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -FederationServiceName <String> [-FederationServiceDisplayName <String>] -ServiceAccountCredential <PSCredential> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]

Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -DecryptionCertificateThumbprint <String> -FederationServiceName <String> [-FederationServiceDisplayName <String>] -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]

Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -DecryptionCertificateThumbprint <String> -FederationServiceName <String> [-FederationServiceDisplayName <String>] -GroupServiceAccountIdentifier <String> -SigningCertificateThumbprint <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]

Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -DecryptionCertificateThumbprint <String> -FederationServiceName <String> [-FederationServiceDisplayName <String>] -GroupServiceAccountIdentifier <String> -SigningCertificateThumbprint <String> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]

Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -DecryptionCertificateThumbprint <String> -FederationServiceName <String> [-FederationServiceDisplayName <String>] -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]

Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -FederationServiceName <String> [-FederationServiceDisplayName <String>] -ServiceAccountCredential <PSCredential> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]

Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -FederationServiceName <String> [-FederationServiceDisplayName <String>] -GroupServiceAccountIdentifier <String> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]

Install-AdfsFarm [-CertificateThumbprint <String>] [-Credential <PSCredential>] -FederationServiceName <String> [-FederationServiceDisplayName <String>] -GroupServiceAccountIdentifier <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [-TlsClientPort <Int32>] [-WhatIf] [-Confirm] [<CommonParameters>]

————————Example 1————————
Create the first node in a federation server farm using WID on the local server
PS C:\> $fscredential = Get-Credential
PS C:\> Install-AdfsFarm -CertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -FederationServiceName fs.Delhi.TOSSolution.com -ServiceAccountCredential $fscredential
Creates the first node in a federation server farm that uses the Windows Internal Database (WID) on the local server computer.

In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.

To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.

————————Example 2————————
Create the first node in a federation server farm using a group Managed Services Account
PS C:\> Install-AdfsFarm -CertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -FederationServiceName fs.Delhi.TOSSolution.com -GroupServiceAccountIdentifier TOSSolution\GroupAccount01
This example creates the first node in a federation server farm that uses a group Managed Service Account as the service account. In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates. To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.

————————Example 3————————
Create the first node in a federation server farm that uses SQL Server on a remote computer
PS C:\> $fscredential = Get-Credential
PS C:\> Install-AdfsFarm -CertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -FederationServiceName fs.Delhi.TOSSolution.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True"
Creates the first node in a federation server farm that uses a Microsoft SQL Server database on a remote computer named SQLHost.
In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.
To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.


————————Example 4————————
Overwrite an AD FS configuration and create the first node in a federation server farm
PS C:\> $fscredential = Get-Credential
PS C:\> Install-AdfsFarm -CertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -FederationServiceName fs.Delhi.TOSSolution.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" -OverwriteConfiguration -SigningCertificateThumbprint 83e8l348ec6e77eb2ae17f028fe5da2be34cbed -DecryptionCertificateThumbprint e3de5064c521d625c8d53536bc98aa9cd28e1ead

Overwrites an existing AD FS configuration database and creates the first node in a federation server farm that uses a Microsoft SQL server database on a remote computer named SQLHost.

In this example, certificate thumbprint values are specified for the token signing certificate and for the token encryption certificate using the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters respectively.
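A pre-flight check for the thumbprint parameters described above, as an added example (not from the original page or from Microsoft): it confirms that each value is a well-formed thumbprint of a currently valid certificate with a private key in the Local Computer store, then previews the installation with -WhatIf. Test-AdfsCertThumbprint, the three placeholder thumbprint variables and fs.example.com are assumptions made for illustration.

```powershell
# Hypothetical helper, not part of the ADFS module.
function Test-AdfsCertThumbprint {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $Purpose
    )
    # Drop spaces and invisible characters that are often picked up when a
    # thumbprint is copied from the certificate dialog.
    $clean = ($Thumbprint -replace '[^\x21-\x7E]', '').ToUpperInvariant()

    # A certificate thumbprint is a SHA-1 hash: exactly 40 hexadecimal characters.
    if ($clean -notmatch '^[0-9A-F]{40}$') {
        throw "$Purpose thumbprint is not 40 hex characters: '$Thumbprint'"
    }

    # The certificate must be in the Local Computer "My" store.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1
    if (-not $cert) {
        throw "$Purpose certificate $clean not found in Cert:\LocalMachine\My"
    }
    if (-not $cert.HasPrivateKey) {
        throw "$Purpose certificate $clean has no private key on this server"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "$Purpose certificate $clean is outside its validity period"
    }
    return $clean
}

# Placeholders: replace with thumbprints from your own certificate store.
$sslThumb     = '<ssl_thumbprint>'
$signingThumb = '<signing_thumbprint>'
$decryptThumb = '<decryption_thumbprint>'

# Signing and decryption thumbprints are supplied together; specifying them
# disables automatic certificate rollover, so expiry must be tracked manually.
$params = @{
    CertificateThumbprint           = Test-AdfsCertThumbprint -Thumbprint $sslThumb -Purpose 'SSL'
    SigningCertificateThumbprint    = Test-AdfsCertThumbprint -Thumbprint $signingThumb -Purpose 'Token signing'
    DecryptionCertificateThumbprint = Test-AdfsCertThumbprint -Thumbprint $decryptThumb -Purpose 'Token decryption'
    FederationServiceName           = 'fs.example.com'   # constructed name
    ServiceAccountCredential        = Get-Credential
}
Install-AdfsFarm @params -WhatIf   # preview only; remove -WhatIf to install
```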

————————Example 5————————
Install AD FS without DA permission
PS C:\> Install-AdfsFarm -CertificateThumbprint <certificate_thumbprint> -FederationServiceName "fs.TOSSolution.com" -ServiceAccountCredential $svcCred -Credential $localAdminCred [-OverwriteConfiguration] -AdminConfiguration $adminConfig

In this example, the CertificateThumbprint parameter specifies the thumbprint of the SSL certificate in the local machine My store that is used for AD FS and the Web Application Proxy.
The FederationServiceName parameter specifies the DNS name of the federation service.
The ServiceAccountCredential parameter specifies the credentials of the login account for AD FS.
The Credential parameter specifies the credentials for the local administrator (a non-domain administrator) account used to install AD FS.
The AdminConfiguration parameter specifies the object returned from the CreateNonDADkmContainer.ps1 script. For example, PS C:\> .\CreateNonDADkmContainer -AcctToAclDkmContainer "TOSSolution\FsSvcAcct". The object represents the location and name of the DKM container created by the script.

————————Example 6————————
Install AD FS without DA permission using gMSA as an AD FS account
PS C:\> Set-ADServiceAccount -Identity fsgmsaacct -PrincipalsAllowedToDelegateToAccount ""
PS C:\> Install-AdfsFarm -CertificateThumbprint <certificate_thumbprint> -FederationServiceName "fs.TOSSolution.com" -Credential $localAdminCred -GroupServiceAccountIdentifier "TOSSolution\gmsaacct$" [-OverwriteConfiguration] -AdminConfiguration $adminConfig

In the first command, the PrincipalsAllowedToDelegateToAccount parameter specifies the name of the non-domain administrator account used to install AD FS.
In the second command, the CertificateThumbprint parameter specifies the thumbprint of the SSL certificate in the local machine My store that is used for AD FS and the Web Application Proxy.
The FederationServiceName parameter specifies the DNS name of the federation service.
The Credential parameter specifies the credentials for the local administrator (a non-domain administrator) account used to install AD FS.
The GroupServiceAccountIdentifier parameter specifies the name of the gMSA logon account for AD FS. The identifier must be terminated by a dollar sign ($).
The AdminConfiguration parameter specifies the object returned from the CreateNonDADkmContainer.ps1 script, which represents the location and name of the DKM container created by the script.

You can check the Version, CommandType and Source of this cmdlet with the following command.

Get-Command Install-AdfsFarm


References are taken from Microsoft
