Install-AdfsFarm

Creates the first node of a new federation server farm.

Syntax

Parameter Set: ADFSFarmCreateDefault
Install-AdfsFarm -CertificateThumbprint <String> -FederationServiceName <String> -ServiceAccountCredential <PSCredential> [-OverwriteConfiguration] [-SSLPort <Int32>] [<CommonParameters>]

Parameter Set: ADFSFarmCreateDisableAutoCertRollover
Install-AdfsFarm -CertificateThumbprint <String> -DecryptionCertificateThumbprint <String> -FederationServiceName <String> -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [<CommonParameters>]

Parameter Set: ADFSFarmCreateSQL
Install-AdfsFarm -CertificateThumbprint <String> -FederationServiceName <String> -ServiceAccountCredential <PSCredential> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [<CommonParameters>]

Parameter Set: ADFSFarmCreateSQLDisableAutoCertRollover
Install-AdfsFarm -CertificateThumbprint <String> -DecryptionCertificateThumbprint <String> -FederationServiceName <String> -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> -SQLConnectionString <String> [-OverwriteConfiguration] [-SSLPort <Int32>] [<CommonParameters>]

Detailed Description

The Install-AdfsFarm cmdlet creates the first node of a new federation server farm.

Parameters

-CertificateThumbprint <String>

Specifies the value of the certificate thumbprint of the certificate that should be used in the Secure Sockets Layer (SSL) binding of the Default Web Site in Internet Information Services (IIS). This value should match the thumbprint of a valid certificate in the Local Computer certificate store.

    Aliases                      none
    Required?                    true
    Position?                    named
    Default Value                none
    Accept Pipeline Input?       false
    Accept Wildcard Characters?  false

-DecryptionCertificateThumbprint <String>

Specifies the value of the certificate thumbprint of the certificate that should be used for token decryption. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token signing certificate must also be specified using the SigningCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.

    Aliases                      none
    Required?                    true
    Position?                    named
    Default Value                none
    Accept Pipeline Input?       false
    Accept Wildcard Characters?  false

-FederationServiceName <String>

Specifies the DNS name of the federation service. This value must match the subject name of the certificate configured on the SSL binding in IIS.

    Aliases                      none
    Required?                    true
    Position?                    named
    Default Value                none
    Accept Pipeline Input?       false
    Accept Wildcard Characters?  false

-OverwriteConfiguration

This parameter must be used to remove an existing AD FS configuration database and overwrite it with a new database.

    Aliases                      none
    Required?                    false
    Position?                    named
    Default Value                False
    Accept Pipeline Input?       false
    Accept Wildcard Characters?  false

-ServiceAccountCredential <PSCredential>

Specifies the Active Directory account under which the AD FS service runs.

    Aliases                      none
    Required?                    true
    Position?                    named
    Default Value                none
    Accept Pipeline Input?       false
    Accept Wildcard Characters?  false

-SigningCertificateThumbprint <String>

Specifies the value of the certificate thumbprint of the certificate that should be used for token signing. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token decryption certificate must also be specified using the DecryptionCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.

    Aliases                      none
    Required?                    true
    Position?                    named
    Default Value                none
    Accept Pipeline Input?       false
    Accept Wildcard Characters?  false

-SQLConnectionString <String>

Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FS installer uses the Windows Internal Database to store configuration settings.

    Aliases                      none
    Required?                    true
    Position?                    named
    Default Value                none
    Accept Pipeline Input?       false
    Accept Wildcard Characters?  false

-SSLPort <Int32>

Specifies the value of the port number of the SSL binding that the AD FS web site will use.

    Aliases                      none
    Required?                    false
    Position?                    named
    Default Value                443
    Accept Pipeline Input?       false
    Accept Wildcard Characters?  false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • none

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Result object

Examples

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

Creates the first node in a federation server farm that uses the Windows Internal Database (WID) on the local server computer.

In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.

To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.

C:\PS>$fscredential = Get-Credential
C:\PS>Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential

-------------------------- EXAMPLE 2 --------------------------

Description

-----------

Lists thumbprint values of currently installed certificates.

C:\PS>dir cert:\LocalMachine\My

-------------------------- EXAMPLE 3 --------------------------

Description

-----------

Creates the first node in a federation server farm that uses a Microsoft SQL Server database on a remote computer named "SQLHost".

In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.

To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.

C:\PS>$fscredential = Get-Credential
C:\PS>Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True"

-------------------------- EXAMPLE 4 --------------------------

Description

-----------

Overwrites an existing AD FS configuration database and creates the first node in a federation server farm that uses a Microsoft SQL Server database on a remote computer named "SQLHost".

In this example, certificate thumbprint values are specified for the token signing certificate and for the token decryption certificate using the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters respectively.

C:\PS>$fscredential = Get-Credential
C:\PS>Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" -OverwriteConfiguration -SigningCertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -DecryptionCertificateThumbprint cf2e5064c521d625c8d53536bc98aa8e08f5f2ad
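
The parameter descriptions above require each thumbprint to match a valid certificate in the Local Computer store and the federation service name to match the SSL certificate's subject name. The following pre-flight check is an added example, not part of the original cmdlet documentation; Test-AdfsCertificate and the 30-day MinimumDaysValid threshold are hypothetical names and assumptions, and the thumbprints are the ones from Example 4.

```powershell
# Added example; Test-AdfsCertificate and $MinimumDaysValid are hypothetical names.
function Test-AdfsCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint,
        [string] $FederationServiceName,   # supply only for the SSL certificate
        [int] $MinimumDaysValid = 30       # assumed policy threshold
    )
    # Thumbprints pasted from the certificate UI can carry spaces or hidden characters.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { "Thumbprint '$Thumbprint' is not 40 hex characters"; return }

    $cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction SilentlyContinue
    if (-not $cert) { "No certificate $clean in Cert:\LocalMachine\My"; return }

    # AD FS needs the private key locally for TLS, token signing and token decryption.
    if (-not $cert.HasPrivateKey) { "$clean has no private key on this computer" }
    $now = Get-Date
    if ($cert.NotBefore -gt $now) { "$clean is not valid until $($cert.NotBefore)" }
    if ($cert.NotAfter -lt $now.AddDays($MinimumDaysValid)) { "$clean expires on $($cert.NotAfter)" }

    if ($FederationServiceName) {
        # DnsNameList holds the subject CN and SAN DNS names of the certificate.
        $names  = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        # A wildcard name covers exactly one label, e.g. *.corp.contoso.com.
        $parent = ($FederationServiceName -split '\.', 2)[1]
        $hit = $names | Where-Object { $_ -eq $FederationServiceName -or $_ -eq "*.$parent" }
        if (-not $hit) { "$clean does not cover $FederationServiceName (names: $($names -join ', '))" }
    }
}

# Values below are the ones used in the page's Example 4.
$fsName = 'fs.corp.contoso.com'
$issues = @(
    Test-AdfsCertificate -Thumbprint '8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed' -FederationServiceName $fsName
    Test-AdfsCertificate -Thumbprint 'cf2e5064c521d625c8d53536bc98aa8e08f5f2ad'
)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
    throw 'Resolve the certificate problems before running Install-AdfsFarm.'
}
```

The expiry check matters most for certificates passed to SigningCertificateThumbprint and DecryptionCertificateThumbprint, because supplying them disables automatic certificate rollover.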