다음을 통해 공유


Install-AdfsStandalone

Install-AdfsStandalone

Sets up this computer as a stand-alone federation server for evaluation purposes or for a small lab environment.

Syntax

Parameter Set: ADFSStandAloneEnableAutoCertRollover
Install-AdfsStandalone -CertificateThumbprint <String> -FederationServiceName <String> [-OverwriteConfiguration] [-SSLPort <Int32> ] [ <CommonParameters>]

Parameter Set: ADFSStandAloneDisableAutoCertRollover
Install-AdfsStandalone -CertificateThumbprint <String> -DecryptionCertificateThumbprint <String> -FederationServiceName <String> -SigningCertificateThumbprint <String> [-OverwriteConfiguration] [-SSLPort <Int32> ] [ <CommonParameters>]

Detailed Description

The Install-AdfsStandalone cmdlet sets up this computer as a stand-alone federation server for evaluation purposes or for a small lab environment.

Parameters

-CertificateThumbprint<String>

Specifies the value of the certificate thumbprint of the certificate that should be used in the SSL binding of the Default Web Site in IIS. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-DecryptionCertificateThumbprint<String>

Specifies the value of the certificate thumbprint of the certificate that should be used for token decryption. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token signing certificate must also be specified using the SigningCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-FederationServiceName<String>

Specifies the DNS name of the federation service. This value must match the subject name of the certificate configured on the SSL binding in IIS.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-OverwriteConfiguration

This parameter must be used to remove an existing AD FS configuration database and overwrite it with a new database.

Aliases

none

Required?

false

Position?

named

Default Value

False

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SigningCertificateThumbprint<String>

Specifies the value of the certificate thumbprint of the certificate that should be used for token signing. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token decryption certificate must also be specified using the DecryptionCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SSLPort<Int32>

Specifies the value of the port number of the SSL binding that the AD FS web site will use.

Aliases

none

Required?

false

Position?

named

Default Value

443

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • none

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Result object

Examples

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

Installs a standalone AD FS server with federation service name and all certificates specified, including those that are needed to sign and decrypt AD FS service communications.

C:\PS>$fscredential = Get-Credential
C:\PS>Install-AdfsStandalone -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -DecryptionCertificateThumbprint ‎049e0546ca9a63d7fb5a193ccaec29badc125176 -SigningCertificateThumbprint ‎059d9546ca9a63d7fb5a193ccaec29badc236358 -ServiceAccountCredential $fscredential