Configure AD FS on Windows Server 2012
Applies To: Dynamics CRM 2013
This topic provides information that is unique to Active Directory Federation Services (AD FS) in Windows Server 2012 (not R2). First configure IFD and claims as described in this article, and then follow the instructions below to complete the AD FS configuration. In addition, your Microsoft Dynamics CRM 2011 server must be running Microsoft Dynamics CRM 2011 Update Rollup 13 or later.
Configure a Microsoft Dynamics CRM 2011 Advanced Setting
At the time of this writing, AD FS has a known issue publishing metadata for MEX endpoints. After configuring claims, MEX endpoints are no longer reachable which an administrator sees as an invalid URL. This problem applies to AD FS in Windows Server 2012 only. AD FS 2.0 (Windows Server 2008), and AD FS in Windows Server 2012 R2 will continue to automatically configure the MEX endpoints correctly.
When using AD FS in Windows Server 2012, it is necessary to update an advanced setting on a Microsoft Dynamics CRM 2011 (on-premises) server deployment. The following procedure describes how to configure the server setting.
How to Configure the ActiveMexEndpoint Advanced Setting
Log on as administrator to a Microsoft Dynamics CRM 2011 server that has the Deployment Manager installed.
If you have more than one server with Deployment Manager installed, perform these steps on only one deployment server in your deployment.
Create a PowerShell script file named UpdateMEXEndpoint.ps1 using the PowerShell ISE or your favorite editor.
Copy the following PowerShell code, paste it into the file you just created, and save the file.
Param ( #optional params [string]$ConfigurationEntityName="FederationProvider", [string]$SettingName="ActiveMexEndpoint", [object]$SettingValue, [Guid]$Id ) $RemoveSnapInWhenDone = $False if (-not (Get-PSSnapin -Name Microsoft.Crm.PowerShell -ErrorAction SilentlyContinue)) { Add-PSSnapin Microsoft.Crm.PowerShell $RemoveSnapInWhenDone = $True } //For AD FS 2.1, use the following: $Id=(Get-CrmAdvancedSetting -ConfigurationEntityName FederationProvider -Id 26332692-CD1E-4DD6-BD5B-07326C43302E -Setting ActiveMexEndpoint).Attributes[0].Value //For AD FS 2.0 or AD FS 2.2, use the following: $Id=(Get-CrmAdvancedSetting -ConfigurationEntityName FederationProvider -Setting ActiveMexEndpoint).Attributes[0].Value $setting = New-Object "Microsoft.Xrm.Sdk.Deployment.ConfigurationEntity" $setting.LogicalName = $ConfigurationEntityName if($Id) { $setting.Id = $Id } $setting.Attributes = New-Object "Microsoft.Xrm.Sdk.Deployment.AttributeCollection" $keypair = New-Object "System.Collections.Generic.KeyValuePair[String, Object]" ($SettingName, $SettingValue) $setting.Attributes.Add($keypair) Set-CrmAdvancedSetting -Entity $setting if($RemoveSnapInWhenDone) { Remove-PSSnapin Microsoft.Crm.PowerShell }
Run the preceding shell script from within a PowerShell window using the following command. Substitute the name of your configured AD FS host for <ADFS STSHOST> in the command.
UpdateMEXEndpoint.ps1 –SettingValue “https://<ADFS STSHOST>/adfs/services/trust/mex”
For example, if your STS is using sts.contoso.com, the command would be: UpdateMEXEndpoint.ps1 –SettingValue “https://sts.contoso.com/adfs/services/trust/mex”
Running this command will update your Microsoft Dynamics CRM 2011 deployment to connect to AD FS using the endpoint provided in the SettingValue parameter.
For more information about the Set-CrmAdvancedSetting cmdlet, see the “Read and Update Advanced Settings with PowerShell” section of Use Advanced Configuration Settings (ConfigDB).