AD FS 2.0 PowerShell API Overview


You can configure Active Directory® Federation Services (AD FS) 2.0 by using three approaches:

  • Using the AD FS 2.0 Management console

  • Using the Windows PowerShell command-line interface

  • Programmatically using the AD FS 2.0 application programming interface (API)

The first two approaches are intended for information technology (IT) professionals. The third approach is intended for developers who want to create custom tools to configure AD FS 2.0. This topic describes the third approach.

The AD FS 2.0 API provides command classes for each Windows PowerShell cmdlet, and it provides resource classes for the parameters and return values. The command classes extend the abstract System.Management.Automation.Cmdlet class.

For a complete list of Windows PowerShell cmdlets, see the following:

Adding Assembly References in Visual Studio

To use the AD FS 2.0 PowerShell API, you must add the following references to your project:

  • Microsoft.IdentityServer.PowerShell

  • System.Management.Automation

These instructions assume that you are running Microsoft Visual Studio 2008, configured for a C# development environment. To add the Microsoft.IdentityServer.PowerShell assembly reference:

  1. On the Project menu, click Add Reference....

  2. In the Add Reference dialog box, click the Browse tab, and browse to the folder where you installed AD FS 2.0. The default location is C:\Program Files\Active Directory Federation Services 2.0.

  3. Select the Microsoft.IdentityServer.PowerShell.dll, and then click OK.

The System.Management.Automation assembly is in the Global Assembly Cache (GAC), but it is not available in the Add Reference dialog box. To add a reference to this assembly:

  1. Right-click your project, and then click Unload Project.

  2. Right-click the unloaded project, and then click Edit <project name>.csproj.

  3. Add the following line under the <ItemGroup> element:

    <Reference Include="System.Management.Automation" />

  4. Save and close the project file.

  5. Right-click the unloaded project again, and click Reload Project. You should see the System.Management.Automation assembly in the References folder in your Solution Explorer.

Example: Adding a New Relying Party Trust

The following code sample shows how to add a new relying party trust by using a metadata URL. Next, it lists all configured relying party trusts. Finally, it removes the relying party trust.

using System;
using System.Collections;
using System.Collections.Generic;
using Microsoft.IdentityServer.PowerShell.Commands;
using Microsoft.IdentityServer.PowerShell.Resources;

class Program
{
    static void Main()
    {
        Console.WriteLine("Adding Contoso Relying Party.");
        AddRelyingPartyTrustCommand addRP =
            new AddRelyingPartyTrustCommand();
        // The metadata URL is empty in this sample; new Uri("") throws
        // UriFormatException, so set it to the relying party's
        // federation metadata URL before running.
        string url = @"";
        addRP.MetadataUrl = new Uri(url);
        addRP.Name = "contoso";
        IEnumerable result1 = addRP.Invoke();
        // To actually invoke the command, we need to call
        // GetEnumerator().MoveNext() on the result
        result1.GetEnumerator().MoveNext();

        Console.WriteLine("Listing all the Relying Parties.");
        GetRelyingPartyTrustCommand getRP =
            new GetRelyingPartyTrustCommand();
        IEnumerable result2 = getRP.Invoke();
        // The foreach loop enumerates the result, which runs the command.
        foreach (object obj in result2)
        {
            RelyingPartyTrust rp = obj as RelyingPartyTrust;
            Console.WriteLine("{0}: {1}", rp.Identifier[0], rp.Name);
        }

        Console.WriteLine("Removing Contoso Relying Party.");
        RemoveRelyingPartyTrustCommand removeRP =
            new RemoveRelyingPartyTrustCommand();
        removeRP.TargetName = "contoso";
        IEnumerable result3 = removeRP.Invoke();
        // As with the add command, enumerate the result to run the command.
        result3.GetEnumerator().MoveNext();
    }
}
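
Federation metadata carries the partner's certificates and endpoints, so a custom tool should check the URL before assigning it to MetadataUrl. The following is an added example, not part of the original sample or the AD FS 2.0 API; the MetadataUrlCheck class, the allowlist policy, and the sts.contoso.example host are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

static class MetadataUrlCheck
{
    // Hypothetical allowlist: partner hosts agreed on out of band (constructed value).
    static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "sts.contoso.example" };

    // Returns true, with a parsed Uri, only when the URL passes every check.
    // On failure, uri is null and reason names the first check that failed.
    public static bool TryParse(string url, out Uri uri, out string reason)
    {
        reason = null;
        if (!Uri.TryCreate(url, UriKind.Absolute, out uri))
            reason = "not an absolute URL";        // also covers null and ""
        else if (uri.Scheme != Uri.UriSchemeHttps)
            reason = "scheme is not https";        // metadata must not travel in the clear
        else if (uri.UserInfo.Length != 0)
            reason = "embedded credentials";       // user:password@host can disguise the real host
        else if (!AllowedHosts.Contains(uri.Host))
            reason = "host is not in the allowlist";

        if (reason != null)
            uri = null;
        return reason == null;
    }

    static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "",
            "http://sts.contoso.example/FederationMetadata/2007-06/FederationMetadata.xml",
            "https://sts.contoso.example@attacker.example/FederationMetadata.xml",
            "https://sts.fabrikam.example/FederationMetadata/2007-06/FederationMetadata.xml",
            "https://sts.contoso.example/FederationMetadata/2007-06/FederationMetadata.xml"
        };

        foreach (string s in samples)
        {
            Uri uri;
            string reason;
            bool ok = TryParse(s, out uri, out reason);
            // Only when ok is true would a tool set addRP.MetadataUrl = uri.
            Console.WriteLine("{0} -> {1}", s.Length == 0 ? "(empty)" : s,
                              ok ? "accepted" : "rejected: " + reason);
        }
    }
}
```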

See Also

AD FS 2.0 Administration with Windows PowerShell
AD FS 2.0 Cmdlets in Windows PowerShell