Install-AdfsStandalone
Install-AdfsStandalone
Sets up this computer as a stand-alone federation server for evaluation purposes or for a small lab environment.
Syntax
Parameter Set: ADFSStandAloneEnableAutoCertRollover
Install-AdfsStandalone -CertificateThumbprint <String> -FederationServiceName <String> [-OverwriteConfiguration] [-SSLPort <Int32> ] [ <CommonParameters>]
Parameter Set: ADFSStandAloneDisableAutoCertRollover
Install-AdfsStandalone -CertificateThumbprint <String> -DecryptionCertificateThumbprint <String> -FederationServiceName <String> -SigningCertificateThumbprint <String> [-OverwriteConfiguration] [-SSLPort <Int32> ] [ <CommonParameters>]
Detailed Description
The Install-AdfsStandalone cmdlet sets up this computer as a stand-alone federation server for evaluation purposes or for a small lab environment.
Parameters
-CertificateThumbprint<String>
Specifies the value of the certificate thumbprint of the certificate that should be used in the SSL binding of the Default Web Site in IIS. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-DecryptionCertificateThumbprint<String>
Specifies the value of the certificate thumbprint of the certificate that should be used for token decryption. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token signing certificate must also be specified using the SigningCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-FederationServiceName<String>
Specifies the DNS name of the federation service. This value must match the subject name of the certificate configured on the SSL binding in IIS.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-OverwriteConfiguration
This parameter must be used to remove an existing AD FS configuration database and overwrite it with a new database.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
False |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-SigningCertificateThumbprint<String>
Specifies the value of the certificate thumbprint of the certificate that should be used for token signing. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token decryption certificate must also be specified using the DecryptionCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-SSLPort<Int32>
Specifies the value of the port number of the SSL binding that the AD FS web site will use.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
443 |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
- none
Outputs
The output type is the type of the objects that the cmdlet emits.
- Result object
Examples
-------------------------- EXAMPLE 1 --------------------------
Description
-----------
Installs a standalone AD FS server with federation service name and all certificates specified, including those that are needed to sign and decrypt AD FS service communications.
C:\PS>$fscredential = Get-Credential
C:\PS>Install-AdfsStandalone -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -DecryptionCertificateThumbprint 049e0546ca9a63d7fb5a193ccaec29badc125176 -SigningCertificateThumbprint 059d9546ca9a63d7fb5a193ccaec29badc236358 -ServiceAccountCredential $fscredential