This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Dear all,
First i want to say that i don't have experience to delegate Powershell command. Current i need to delegate AD FS Powershell Commandlet Access to Non-Admin Users. I follow the instruction in this article https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/delegate-ad-fs-pshell-access. But there is many issues, errors in the article.
I completed Register PS SSessionConfiguration and i checked that the path to RoleCapabilityFiles is correct:
But when i Enter-pssession, there is error below:
Please help me.
Thanks a lot.
Microsoft 365 features that help users manage their subscriptions, account settings, and billing information.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
Hi,
We followed in thread below, but some parts in the thread is not clear, it need more detail:
https://github.com/MicrosoftDocs/windowsserverdocs/issues/2727
Hi LinhNguyen,
Nice to hear that you have made it done for the delegate ADFS powershell. As for your mentioned the document is not correct, can you share your insight here so that I can check it and deliver to our related team? We much appreciate your sharing here.
Regards,
Alan
We configured delegate ADFS powershell successfully. The document below is incorrect untill today (July 26), please fix it:
Hi LinhNguyen,
Please feel free to let me know if you have any further concern. I am always here for you.
Regards,
Alan
Hi LinhNguyen,
It is my happiness to reply to your case here.
I'd like to re-confirm whether you have performed all the mentioned steps in https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/delegate-ad-fs-pshell-access and just got the error while performing the last step (determine if the correct users have access to the JEA endpoint).
If yes, please try (you may need to replace the items, especially those bold ones with your own)
Create the folder and empty files needed to create a PowerShell Module
$modulePath = Join-Path $env:ProgramFiles "WindowsPowerShell\Modules\ADFSActivity"
New-Item -ItemType Directory -Path $modulePath
New-Item -ItemType File -Path (Join-Path $modulePath "ADFSActivityFunctions.psm1")
New-ModuleManifest -Path (Join-Path $modulePath "ADFSActivity.psd1") -RootModule "ADFSActivityFunctions.psm1"
$rcFolder = Join-Path $modulePath "RoleCapabilities"
New-Item -ItemType Directory $rcFolder
Create the PowerShell Roll Configuration File and place it into the $rcFolder path above
@{
GUID = '752d9f89-5dc8-4720-9baf-a9ea2749ab5b'
ModulesToImport = 'ADFS'
VisibleCmdlets = 'Reset-AdfsAccountLockout', 'Get-ADFSAccountActivity', 'Set-ADFSAccountActivity'
}
Create the PowerShell Session File
@{
SchemaVersion = '2.0.0.0'
GUID = 'ffb4c0b2-f161-4ddc-a769-d2419b489170'
SessionType = 'RestrictedRemoteServer'
ModulesToImport = 'ADFSAtivity'
GroupManagedServiceAccount = 'INTERNAL\msvc_ADFSMgmt'
RoleDefinitions = @{ 'INTERNAL\ADFSAccountActivity' = @{ RoleCapabilities = 'ADFSActivity' } }
}
Register-PSSessionConfiguration -Name 'ADFSActivity' -Path .\ADFSActivity.pssc -Force
Enter-PSSession -ComputerName ADFSServer -ConfigurationName ADFSActivity
If the issue persists, I'd like to collect the complete steps output of both from the article and my suggested one (screenshots would be better). For protecting your privacy, you can provide the 2 outputs' screenshots of the steps in the Private Message (PM).
Regards,
Alan