ADFS
This reference provides command-line reference documentation for the IT professional of the Windows PowerShell cmdlets that you can use to deploy and administer Active Directory Federation Services (AD FS) in Windows Server.
Add-AdfsAttributeStore |
Adds an attribute store to the Federation Service. |
Add-AdfsCertificate |
Adds a new certificate to AD FS for signing, decrypting, or securing communications. |
Add-AdfsClaimDescription |
Adds a claim description to the Federation Service. |
Add-AdfsClaimsProviderTrust |
Adds a new claims provider trust to the Federation Service. |
Add-AdfsClaimsProviderTrustsGroup |
Creates a claims provider trust group based on metadata that contains multiple entities. |
Add-AdfsClient |
Registers an OAuth 2.0 client with AD FS. |
Add-AdfsDeviceRegistrationUpnSuffix |
Adds a custom UPN suffix. |
Add-AdfsFarmNode |
Adds this computer to an existing federation server farm. |
Add-AdfsLocalClaimsProviderTrust |
Creates a local claims provider trust. |
Add-AdfsNativeClientApplication |
Adds a native client application role to an application in AD FS. |
Add-AdfsNonClaimsAwareRelyingPartyTrust |
Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service. |
Add-AdfsRelyingPartyTrust |
Adds a new relying party trust to the Federation Service. |
Add-AdfsRelyingPartyTrustsGroup |
Creates a relying party trusts group. |
Add-AdfsScopeDescription |
Adds a scope description in AD FS. |
Add-AdfsServerApplication |
Adds a server application role to an application in AD FS. |
Add-AdfsTrustedFederationPartner |
Adds configuration settings for trusted federation partners in AD FS. |
Add-AdfsWebApiApplication |
Adds a Web API application role to an application in AD FS. |
Add-AdfsWebApplicationProxyRelyingPartyTrust |
Adds a relying party trust for the Web Application Proxy. |
Disable-AdfsApplicationGroup |
Disables an application group. |
Disable-AdfsCertificateAuthority |
Disables a certificate authority. |
Disable-AdfsClaimsProviderTrust |
Disables a claims provider trust in the Federation Service. |
Disable-AdfsClient |
Disables an OAuth 2.0 client that is currently registered with AD FS. |
Disable-AdfsDeviceRegistration |
Marks the Device Registration Service as disabled on an AD FS server. |
Disable-AdfsEndpoint |
Disables an endpoint of AD FS. |
Disable-AdfsLocalClaimsProviderTrust |
Disables a local claims provider trust. |
Disable-AdfsNonClaimsAwareRelyingPartyTrust |
Disables a relying party trust for a non-claims-aware web application or service from the Federation Service. |
Disable-AdfsRelyingPartyTrust |
Disables a relying party trust of the Federation Service. |
Disable-AdfsWebApplicationProxyRelyingPartyTrust |
Disables the relying party trust for the Web Application Proxy. |
Enable-AdfsApplicationGroup |
Enables an application group in AD FS. |
Enable-AdfsClaimsProviderTrust |
Enables a claims provider trust in the Federation Service. |
Enable-AdfsClient |
Enables the use of an OAuth 2.0 client registration by AD FS. |
Enable-AdfsDeviceRegistration |
This cmdlet has been deprecated. |
Enable-AdfsEndpoint |
Enables an endpoint in AD FS. |
Enable-AdfsLocalClaimsProviderTrust |
Enables a local claims provider trust. |
Enable-AdfsNonClaimsAwareRelyingPartyTrust |
Enables a relying party trust for a non-claims-aware web application or service from the Federation Service. |
Enable-AdfsRelyingPartyTrust |
Enables a relying party trust of the Federation Service. |
Enable-AdfsWebApplicationProxyRelyingPartyTrust |
Enables the relying party trust object for the Web Application Proxy. |
Export-AdfsAuthenticationProviderConfigurationData |
Returns a file containing the tenant ID for which the AD FS farm is configured for Azure MFA, as well as the well-known client ID for Azure MFA. |
Export-AdfsDeploymentSQLScript |
Generates SQL scripts to create the AD FS database and to grant permissions. |
Export-AdfsWebContent |
Exports properties of all web content objects in a specific locale to a specified file. |
Export-AdfsWebTheme |
Exports a web theme to a folder. |
Get-AdfsAccessControlPolicy |
Gets an AD FS access control policy. |
Get-AdfsAdditionalAuthenticationRule |
Retrieves the global rules that trigger additional authentication providers to be invoked. |
Get-AdfsApplicationGroup |
Gets an application group. |
Get-AdfsApplicationPermission |
Gets permission for an application. |
Get-AdfsAttributeStore |
Gets the attribute stores of the Federation Service. |
Get-AdfsAuthenticationProvider |
Gets a list of all authentication providers in AD FS. |
Get-AdfsAuthenticationProviderWebContent |
Retrieves web content objects for authentication providers. |
Get-AdfsAzureMfaConfigured |
Gets whether Azure MFA is enabled. |
Get-AdfsCertificate |
Retrieves the certificates from AD FS. |
Get-AdfsCertificateAuthority |
Gets a certificate authority. |
Get-AdfsClaimDescription |
Gets claim descriptions from the Federation Service. |
Get-AdfsClaimsProviderTrust |
Gets the claims provider trusts in the Federation Service. |
Get-AdfsClaimsProviderTrustsGroup |
Gets an AD FS claims provider trust group. |
Get-AdfsClient |
Retrieves registration information for an OAuth 2.0 client. |
Get-AdfsDeviceRegistration |
Gets the administrative polices of the Device Registration Service. |
Get-AdfsDeviceRegistrationUpnSuffix |
Gets the UPN suffixes that can be used with device registration. |
Get-AdfsEndpoint |
Retrieves an endpoint in AD FS. |
Get-AdfsFarmInformation |
Gets AD FS behavior level and farm node information. |
Get-AdfsGlobalAuthenticationPolicy |
Displays the AD FS global policy. |
Get-AdfsGlobalWebContent |
Gets global web content objects. |
Get-AdfsLocalClaimsProviderTrust |
Gets local claims provider trusts. |
Get-AdfsNativeClientApplication |
Gets native client application roles from an application in AD FS. |
Get-AdfsNonClaimsAwareRelyingPartyTrust |
Gets the properties of a relying party trust for a non-claims-aware web application or service. |
Get-AdfsProperties |
Gets all the associated properties for the AD FS service. |
Get-AdfsRegistrationHosts |
The Get-AdfsRegistrationHosts cmdlet is deprecated. Instead, use the Get-AdfsDeviceRegistrationUpnSuffix cmdlet. |
Get-AdfsRelyingPartyTrust |
Gets the relying party trusts of the Federation Service. |
Get-AdfsRelyingPartyTrustsGroup |
Gets a relying party trust group. |
Get-AdfsRelyingPartyWebContent |
Gets web content objects for relying parties. |
Get-AdfsRelyingPartyWebTheme |
Gets properties of web themes applied to relying party trusts. |
Get-AdfsScopeDescription |
Gets a description for a scope in AD FS. |
Get-AdfsServerApplication |
Gets configuration settings for a server application role for an application in AD FS. |
Get-AdfsSslCertificate |
Gets the host name, port, and certificate hash for SSL bindings configured for AD FS and the device registration service. |
Get-AdfsSyncProperties |
Gets synchronization properties the configuration database of AD FS. |
Get-AdfsTrustedFederationPartner |
Gets a trusted federation partner in AD FS. |
Get-AdfsWebApiApplication |
Gets Web API application roles in AD FS. |
Get-AdfsWebApplicationProxyRelyingPartyTrust |
Gets the relying party trust object for the Web Application Proxy. |
Get-AdfsWebConfig |
Gets AD FS web customization configuration settings. |
Get-AdfsWebTheme |
Gets web themes. |
Grant-AdfsApplicationPermission |
Grants application permission. |
Import-AdfsAuthenticationProviderConfigurationData |
Imports the custom configuration for an authentication provider. |
Import-AdfsWebContent |
Imports properties from a resource file into global and relying party web content objects. |
Initialize-ADDeviceRegistration |
Initializes the Device Registration Service configuration in the Active Directory forest. |
Install-AdfsFarm |
Creates the first node of a new federation server farm. |
Invoke-AdfsFarmBehaviorLevelRaise |
Raises the behavior level of a farm. |
New-AdfsAccessControlPolicy |
Creates an AD FS access control policy. |
New-AdfsApplicationGroup |
Creates an application group. |
New-AdfsAzureMfaTenantCertificate |
Creates a certificate for the AD FS farm to use to connect to Azure MFA, or returns the currently configured certificate. |
New-AdfsClaimRuleSet |
Creates a set of claim rules. |
New-AdfsContactPerson |
Creates a contact person object. |
New-AdfsLdapAttributeToClaimMapping |
Creates a mapping between an attribute of an LDAP folder and an AD FS claim type. |
New-AdfsLdapServerConnection |
Creates a connection object. |
New-AdfsOrganization |
Creates a new organization information object. |
New-AdfsSamlEndpoint |
Creates a SAML protocol endpoint object. |
New-AdfsWebTheme |
Creates an AD FS web theme. |
Publish-SslCertificate |
The Publish-SslCertificate cmdlet is deprecated. Instead, use the Set-AdfsSslCertificate cmdlet. |
Register-AdfsAuthenticationProvider |
Registers an external authentication provider in AD FS. |
Remove-AdfsAccessControlPolicy |
Removes an AD FS access control policy. |
Remove-AdfsApplicationGroup |
Removes an application group. |
Remove-AdfsAttributeStore |
Removes an attribute store from the Federation Service. |
Remove-AdfsAuthenticationProviderWebContent |
Removes web content customization of the authentication provider in the user sign-in web pages from AD FS. |
Remove-AdfsCertificate |
Removes a certificate from AD FS. |
Remove-AdfsClaimDescription |
Removes a claim description from the Federation Service. |
Remove-AdfsClaimsProviderTrust |
Removes a claims provider trust from the Federation Service. |
Remove-AdfsClaimsProviderTrustsGroup |
Removes an AD FS claims provider trust group. |
Remove-AdfsClient |
Deletes registration information for an OAuth 2.0 client that is currently registered with AD FS. |
Remove-AdfsDeviceRegistrationUpnSuffix |
Removes a custom UPN suffix. |
Remove-AdfsFarmNode |
The Remove-AdfsFarmNode cmdlet is deprecated. Instead, use the Uninstall-WindowsFeature cmdlet. |
Remove-AdfsGlobalWebContent |
Removes a global web content object. |
Remove-AdfsLocalClaimsProviderTrust |
Removes a local claims provider trust. |
Remove-AdfsNativeClientApplication |
Removes a native client application role from an application in AD FS. |
Remove-AdfsNonClaimsAwareRelyingPartyTrust |
Removes a relying party trust for a non-claims-aware web application or service from the Federation Service. |
Remove-AdfsRelyingPartyTrust |
Removes a relying party trust from the Federation Service. |
Remove-AdfsRelyingPartyTrustsGroup |
Removes a relying party trusts group. |
Remove-AdfsRelyingPartyWebContent |
Removes a relying party web content object. |
Remove-AdfsRelyingPartyWebTheme |
Removes a web theme to a relying party. |
Remove-AdfsScopeDescription |
Removes a scope description in AD FS. |
Remove-AdfsServerApplication |
Removes a server application role from an application in AD FS. |
Remove-AdfsTrustedFederationPartner |
Removes a trusted federation partner in AD FS. |
Remove-AdfsWebApiApplication |
Removes a Web API application role from an application in AD FS. |
Remove-AdfsWebApplicationProxyRelyingPartyTrust |
Removes the relying party trust object for the Web Application Proxy. |
Remove-AdfsWebTheme |
Removes a web theme. |
Restore-AdfsFarmBehaviorLevel |
Restores the farm to a previous behavior level. |
Revoke-AdfsApplicationPermission |
Revokes permission for an application. |
Revoke-AdfsProxyTrust |
Revokes trust for all federation server proxies configured for the Federation Service. |
Set-AdfsAccessControlPolicy |
Modifies an AD FS access control policy. |
Set-AdfsAdditionalAuthenticationRule |
Sets the global rules that provide the trigger for additional authentication providers to be invoked. |
Set-AdfsAlternateTlsClientBinding |
Configures an existing AD FS deployment to use the same port for both device certificate and client certificate authentication. |
Set-AdfsApplicationGroup |
Modifies an application group. |
Set-AdfsApplicationPermission |
Modifies application permissions. |
Set-AdfsAttributeStore |
Modifies properties of an attribute store. |
Set-AdfsAuthenticationProviderWebContent |
Modifies a display name and description. |
Set-AdfsAzureMfaTenant |
Enables an AD FS farm to use MFA. |
Set-AdfsCertificate |
Sets the properties of an existing certificate that AD FS uses to sign, decrypt, or secure communications. |
Set-AdfsCertificateAuthority |
Modifies a certificate authority. |
Set-AdfsCertSharingContainer |
Sets the account that is used for sharing managed certificates in a federation server farm. |
Set-AdfsClaimDescription |
Modifies the properties of a claim description. |
Set-AdfsClaimsProviderTrust |
Sets the properties of a claims provider trust. |
Set-AdfsClient |
Modifies registration settings for an OAuth 2.0 client registered with AD FS. |
Set-AdfsDeviceRegistration |
Configures the administrative policies for the Device Registration Service. |
Set-AdfsDeviceRegistrationUpnSuffix |
Sets the list of UPN suffixes. |
Set-AdfsEndpoint |
Sets the endpoint on a Web Application Proxy. |
Set-AdfsFarmInformation |
Removes a stale or offline farm node from the farm information table. |
Set-AdfsGlobalAuthenticationPolicy |
Modifies the AD FS global policy. |
Set-AdfsGlobalWebContent |
Sets properties for global web content objects. |
Set-AdfsLocalClaimsProviderTrust |
Modifies a local claims provider trust. |
Set-AdfsNativeClientApplication |
Modifies configuration settings for a server native client application role of an application in AD FS. |
Set-AdfsNonClaimsAwareRelyingPartyTrust |
Sets the properties of a relying party trust for a non-claims-aware web application or service. |
Set-AdfsProperties |
Sets the properties that control global behaviors in AD FS. |
Set-AdfsRegistrationHosts |
The Set-AdfsRegistrationHosts cmdlet is deprecated. Instead, use the Set-AdfsDeviceRegistrationUpnSuffix cmdlet. |
Set-AdfsRelyingPartyTrust |
Sets the properties of a relying party trust. |
Set-AdfsRelyingPartyWebContent |
Sets properties for the relying party web content objects. |
Set-AdfsRelyingPartyWebTheme |
Applies a web theme to a relying party. |
Set-AdfsScopeDescription |
Modifies a scope description in AD FS. |
Set-AdfsServerApplication |
Modifies configuration settings for a server application role of an application in AD FS. |
Set-AdfsSslCertificate |
Sets an SSL certificate for HTTPS bindings for AD FS. |
Set-AdfsSyncProperties |
Modifies the frequency of synchronization for the AD FS configuration database and which server is primary in the farm. |
Set-AdfsTrustedFederationPartner |
Modifies configuration settings for trusted federation partners in AD FS. |
Set-AdfsWebApiApplication |
Modifies configuration settings for a Web API application in AD FS. |
Set-AdfsWebApplicationProxyRelyingPartyTrust |
Modifies properties of the relying party trust object for the Web Application Proxy. |
Set-AdfsWebConfig |
Modifies web customization configuration settings. |
Set-AdfsWebTheme |
Modifies properties of a web theme. |
Test-AdfsFarmBehaviorLevelRaise |
Tests whether you can raise the behavior level of a farm. |
Test-AdfsFarmBehaviorLevelRestore |
Tests whether you can restore an AD FS farm to a previous behavior level. |
Test-AdfsFarmInstallation |
Runs prerequisite checks for installing a new federation server farm. |
Test-AdfsFarmJoin |
Runs prerequisite checks for adding the server computer to a federation server farm. |
Unregister-AdfsAuthenticationProvider |
Deletes an external authentication provider from AD FS. |
Update-AdfsCertificate |
Updates the certificates of AD FS. |
Update-AdfsClaimsProviderTrust |
Updates the claims provider trust from federation metadata. |
Update-AdfsRelyingPartyTrust |
Updates the relying party trust from federation metadata. |