AD FS Cmdlets in Windows PowerShell
Windows PowerShell® is a task-based command-line shell and scripting language designed especially for system administration. This reference documents, for IT professionals, the Windows PowerShell cmdlets that you can use to deploy and administer Active Directory Federation Services (AD FS) in Windows Server.
AD FS deployment cmdlets
The AD FS server role now includes cmdlets that you can use to perform Windows PowerShell-based deployment within your federated identity installations and environments.
The following table lists all the cmdlets that are available for deploying AD FS.
Cmdlet | Description |
---|---|
Adds this computer to an existing federation server farm. |
|
Marks the Device Registration Service as disabled on an AD FS server. |
|
Configures a server in an AD FS farm to host the Device Registration Service. |
|
Generates the SQL scripts that can be used separately to create the AD FS database and to grant permissions. |
|
Initializes the Device Registration Service configuration in the Active Directory forest. |
|
Creates the first node of a new federation server farm. |
|
The Publish-SslCertificate cmdlet is deprecated. Instead, use the Set-AdfsSslCertificate cmdlet. |
|
The Remove-AdfsFarmNode cmdlet is deprecated. Instead, use the Uninstall-WindowsFeature cmdlet. |
|
Runs prerequisite checks for installing a new federation server farm. |
|
Runs prerequisite checks for adding the server computer to a federation server farm. |
AD FS administration cmdlets
In addition to deployment, you can continue to use AD FS cmdlets that were first made available in AD FS 2.0 to perform various administrative, configuration, and diagnostic tasks in your federated identity deployment and environments.
The following table lists all the cmdlets that are available for administering AD FS in Windows Server.
Cmdlet | Description |
---|---|
Adds an attribute store to the Federation Service. |
|
Adds a new certificate to AD FS for signing, decrypting, or securing communications. |
|
Adds a claim description to the Federation Service. |
|
Adds a new claims provider trust to the Federation Service. |
|
Registers an OAuth 2.0 client with AD FS. |
|
Adds a custom UPN suffix. |
|
Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service. |
|
Adds a new relying party trust to the Federation Service. |
|
Adds a relying party trust for the proxy. |
|
Disables a claims provider trust in the Federation Service. |
|
Disables an OAuth 2.0 client that is currently registered with AD FS. |
|
Disables an endpoint of AD FS. |
|
Disables a relying party trust for a non-claims-aware web application or service from the Federation Service. |
|
Disables a relying party trust of the Federation Service. |
|
Disables relying party trust for the proxy. |
|
Enables a claims provider trust in the Federation Service. |
|
Enables the use of an OAuth 2.0 client registration by AD FS. |
|
Enables an endpoint in AD FS. |
|
Enables a relying party trust for a non-claims-aware web application or service from the Federation Service. |
|
Enables a relying party trust of the Federation Service. |
|
Enables the relying party trust object for the web application proxy. |
|
Exports the custom configuration of an external authentication provider to a file. |
|
Exports properties of all web content objects in a specific locale to a specified file. |
|
Exports a web theme to a folder. |
|
Retrieves the global rules that trigger additional authentication providers to be invoked. |
|
Gets the attribute stores of the Federation Service. |
|
Gets a list of all authentication providers in AD FS. |
|
Retrieves web content objects for authentication providers. |
|
Retrieves the certificates from AD FS. |
|
Gets claim descriptions from the Federation Service. |
|
Gets the claims provider trusts in the Federation Service. |
|
Retrieves registration information for an OAuth 2.0 client. |
|
Gets the administrative policies of the Device Registration Service. |
|
Gets the UPN suffixes that can be used with device registration. |
|
Retrieves an endpoint in AD FS. |
|
Displays the AD FS global policy. |
|
Gets global web content objects. |
|
Gets the properties of a relying party trust for a non-claims-aware web application or service. |
|
Gets all the associated properties for the AD FS service. |
|
The Get-AdfsRegistrationHosts cmdlet is deprecated. Instead, use the Get-AdfsDeviceRegistrationUpnSuffix cmdlet. |
|
Gets the relying party trusts of the Federation Service. |
|
Gets web content objects for relying parties. |
|
Gets the host name, port, and certificate hash for SSL bindings configured for AD FS and the device registration service. |
|
Gets synchronization properties of the configuration database of AD FS. |
|
Gets the relying party trust object for Web Application Proxy. |
|
Gets AD FS web customization configuration settings. |
|
Gets web themes. |
|
Imports the custom configuration for an authentication provider. |
|
Imports properties from a resource file into global and relying party web content objects. |
|
Creates a set of claim rules. |
|
Creates a contact person object. |
|
Creates a new organization information object. |
|
Creates a SAML protocol endpoint object. |
|
Creates an AD FS web theme. |
|
Registers an external authentication provider in AD FS. |
|
Removes an attribute store from the Federation Service. |
|
Removes web content customization of the authentication provider in the user sign-in web pages from AD FS. |
|
Removes a certificate from AD FS. |
|
Removes a claim description from the Federation Service. |
|
Removes a claims provider trust from the Federation Service. |
|
Deletes registration information for an OAuth 2.0 client that is currently registered with AD FS. |
|
Removes a custom UPN suffix. |
|
Removes a global web content object. |
|
Removes a relying party trust for a non-claims-aware web application or service from the Federation Service. |
|
Removes a relying party trust from the Federation Service. |
|
Removes a relying party web content object. |
|
Removes the relying party trust object for the proxy. |
|
Removes a web theme. |
|
Revokes trust for all configured for the Federation Service. |
|
Sets the global rules that provide the trigger for additional authentication providers to be invoked. |
|
Modifies properties of an attribute store. |
|
Modifies a display name and description. |
|
Sets the properties of an existing certificate that AD FS uses to sign, decrypt, or secure communications. |
|
Sets the account that is used for sharing managed certificates in a federation server farm. |
|
Modifies the properties of a claim description. |
|
Sets the properties of a claims provider trust. |
|
Modifies registration settings for an OAuth 2.0 client registered with AD FS. |
|
Configures the administrative policies for the Device Registration Service. |
|
Sets the list of UPN suffixes. |
|
Sets the endpoint on a Web Application Proxy. |
|
Modifies the AD FS global policy. |
|
Sets properties for global web content objects. |
|
Sets the properties of a relying party trust for a non-claims-aware web application or service. |
|
Sets the properties that control global behaviors in AD FS. |
|
The Set-AdfsRegistrationHosts cmdlet is deprecated. Instead, use the Set-AdfsDeviceRegistrationUpnSuffix cmdlet. |
|
Sets the properties of a relying party trust. |
|
Sets properties for the relying party web content objects. |
|
Sets an SSL certificate for HTTPS bindings for AD FS and the device registration service. |
|
Modifies the frequency of synchronization for AD FS configuration database and which server is primary in the farm. |
|
Modifies properties of the relying party trust object for Web Application Proxy. |
|
Modifies web customization configuration settings. |
|
Modifies properties of a web theme. |
|
Deletes an external authentication provider from AD FS. |
|
Updates the certificates of AD FS. |
|
Updates the claims provider trust from federation metadata. |
|
Updates the relying party trust from federation metadata. |
To use these cmdlets you must have previously installed the AD FS server role. This can be done using the Add Roles and Features Wizard in Server Manager or optionally, you can use the Install-WindowsFeature AD-Federation-Services cmdlet at a Windows PowerShell prompt to add the role.
Once the role is added, you can list all the cmdlets that are available in the AD FS module by using the Get-Command * -module ADFS cmdlet.
For more information about—or for the syntax for—any of the AD FS cmdlets, use the Get-Help <cmdlet name> cmdlet, where <cmdlet name> is the name of the cmdlet that you want to research. For more detailed information, you can run any of the following cmdlets:
Get-Help <cmdlet name> -Detailed
Get-Help <cmdlet name> -Full
Get-Help <cmdlet name> -Examples
More information
For more information about the AD FS cmdlets, see the following: