Adding or Removing Federated Identity Support

Updated: October 22, 2009

Applies To: Windows Server 2008 R2, Windows Server 2008 R2 with SP1

After creating an Active Directory Rights Management Services (AD RMS) cluster, you can use Windows PowerShell cmdlets to add federated identity support to the cluster. You can also use Windows PowerShell cmdlets to remove federated identity support from a cluster without affecting other AD RMS settings. It is not necessary to create a Windows PowerShell drive in order to add or remove federated identity support.

Before you add AD RMS federated identity support, you should ensure that the following conditions have been met:

  • Ensure that you specified a secure cluster address when you installed AD RMS. Active Directory Federation Services (AD FS) requires secure communication between AD RMS and the AD FS resource server.

  • Use the Local Security Policy console to assign the Generate Security Audits privilege to the AD RMS service account.

  • Configure a federated trusted relationship before you add federated identity support. When you add federated identity support, you must specify the URL of the federation service.

  • Ensure that the AD RMS extranet cluster URLs are accessible to the federated account partner.

The following sections describe how to use Windows PowerShell cmdlets to add federated identity support to an existing cluster and to remove it when it is no longer needed.

Adding federated identity support

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To add federated identity support

  • At a Windows PowerShell command prompt, type:

    Import-Module ADRMS

    Install-ADRMS -ADFSUrl "https://<federation_server>/adfs/fs/federationserverservice.asmx"

    where <federation_server> is the name of the federation server. Specify this name by using lowercase letters only.
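
The following pre-flight script is an added example, not part of the original documentation. It checks two of the prerequisites listed above (an HTTPS federation URL with a lowercase server name, and the Generate Security Audits privilege for the service account) before it calls Install-ADRMS. The host name, the service account name and the helper function names are placeholders chosen for illustration.

```powershell
# Added example. Placeholder values: replace them with your own.
$FederationServer = 'fs.contoso.example'    # assumption: federation server name
$ServiceAccount   = 'CONTOSO\svc-adrms'     # assumption: AD RMS service account

function Test-AdfsUrl {
    param([string]$Url)
    # Case-sensitive match: HTTPS only, lowercase server name, and the
    # federation service path shown in the procedure above.
    return $Url -cmatch '^https://[a-z0-9.-]+(:\d+)?/adfs/fs/federationserverservice\.asmx$'
}

function Test-GenerateSecurityAudits {
    param([string]$Account)
    # Resolve the account to a SID, because secedit exports rights as *SID entries.
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # Export the user rights assignments and read the SeAuditPrivilege line
    # (SeAuditPrivilege is the constant for "Generate security audits").
    $cfg = Join-Path $env:TEMP 'adrms-user-rights.inf'
    secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    $line = Get-Content $cfg | Where-Object { $_ -match '^SeAuditPrivilege\s*=' }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    if (-not $line) { return $false }

    # Only direct assignments are detected; a right granted through group
    # membership is not resolved here.
    $entries = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
    return ($entries -contains $sid) -or ($entries -contains $Account)
}

$url = "https://$FederationServer/adfs/fs/federationserverservice.asmx"

if (-not (Test-AdfsUrl $url)) {
    throw "Federation URL '$url' must use https and a lowercase server name."
}
if (-not (Test-GenerateSecurityAudits $ServiceAccount)) {
    throw "'$ServiceAccount' is not assigned the Generate Security Audits privilege."
}

Import-Module ADRMS
Install-ADRMS -ADFSUrl $url
```

Run the script from an elevated Windows PowerShell prompt, because secedit /export requires administrative rights.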

Removing federated identity support

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To remove federated identity support

  • At a Windows PowerShell command prompt, type:

    Import-Module ADRMS

    Uninstall-ADRMS -ADFSOnly

See Also

Concepts

Using Windows PowerShell to Deploy AD RMS
AD RMS Deployment Cmdlets