Active Directory Federation Services

Brian Lich | Last Updated: 3/26/2017

Description

This reference provides command-line documentation, written for IT professionals, of the Windows PowerShell cmdlets that you can use to deploy and administer Active Directory Federation Services (AD FS) in Windows Server.

ADFS Cmdlets

Add-AdfsAttributeStore

Adds an attribute store to the Federation Service.

Add-AdfsCertificate

Adds a new certificate to AD FS for signing, decrypting, or securing communications.

Add-AdfsClaimDescription

Adds a claim description to the Federation Service.

Add-AdfsClaimsProviderTrust

Adds a new claims provider trust to the Federation Service.

Add-AdfsClaimsProviderTrustsGroup

Creates a claims provider trust group based on metadata that contains multiple entities.

Add-AdfsClient

Registers an OAuth 2.0 client with AD FS.

Add-AdfsDeviceRegistrationUpnSuffix

Adds a custom UPN suffix.

Add-AdfsFarmNode

Adds this computer to an existing federation server farm.

Add-AdfsLocalClaimsProviderTrust

Creates a local claims provider trust.

Add-AdfsNativeClientApplication

Adds a native client application role to an application in AD FS.

Add-AdfsNonClaimsAwareRelyingPartyTrust

Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service.

Add-AdfsRelyingPartyTrust

Adds a new relying party trust to the Federation Service.

Add-AdfsRelyingPartyTrustsGroup

Creates a relying party trusts group.

Add-AdfsScopeDescription

Adds a scope description in AD FS.

Add-AdfsServerApplication

Adds a server application role to an application in AD FS.

Add-AdfsTrustedFederationPartner

Adds configuration settings for trusted federation partners in AD FS.

Add-AdfsWebApiApplication

Adds a Web API application role to an application in AD FS.

Add-AdfsWebApplicationProxyRelyingPartyTrust

Adds a relying party trust for the Web Application Proxy.

Disable-AdfsApplicationGroup

Disables an application group.

Disable-AdfsCertificateAuthority

Disables a certificate authority.

Disable-AdfsClaimsProviderTrust

Disables a claims provider trust in the Federation Service.

Disable-AdfsClient

Disables an OAuth 2.0 client that is currently registered with AD FS.

Disable-AdfsDeviceRegistration

Marks the Device Registration Service as disabled on an AD FS server.

Disable-AdfsEndpoint

Disables an endpoint of AD FS.

Disable-AdfsLocalClaimsProviderTrust

Disables a local claims provider trust.

Disable-AdfsNonClaimsAwareRelyingPartyTrust

Disables a relying party trust for a non-claims-aware web application or service from the Federation Service.

Disable-AdfsRelyingPartyTrust

Disables a relying party trust of the Federation Service.

Disable-AdfsWebApplicationProxyRelyingPartyTrust

Disables the relying party trust for the Web Application Proxy.

Enable-AdfsApplicationGroup

Enables an application group in AD FS.

Enable-AdfsClaimsProviderTrust

Enables a claims provider trust in the Federation Service.

Enable-AdfsClient

Enables the use of an OAuth 2.0 client registration by AD FS.

Enable-AdfsDeviceRegistration

This cmdlet has been deprecated.

Enable-AdfsEndpoint

Enables an endpoint in AD FS.

Enable-AdfsLocalClaimsProviderTrust

Enables a local claims provider trust.

Enable-AdfsNonClaimsAwareRelyingPartyTrust

Enables a relying party trust for a non-claims-aware web application or service from the Federation Service.

Enable-AdfsRelyingPartyTrust

Enables a relying party trust of the Federation Service.

Enable-AdfsWebApplicationProxyRelyingPartyTrust

Enables the relying party trust object for the Web Application Proxy.

Export-AdfsAuthenticationProviderConfigurationData

Returns a file containing the tenant ID for which the AD FS farm is configured for Azure MFA, as well as the well-known client ID for Azure MFA.

Export-AdfsDeploymentSQLScript

Generates SQL scripts to create the AD FS database and to grant permissions.

Export-AdfsWebContent

Exports properties of all web content objects in a specific locale to a specified file.

Export-AdfsWebTheme

Exports a web theme to a folder.

Get-AdfsAccessControlPolicy

Gets an AD FS access control policy.

Get-AdfsAdditionalAuthenticationRule

Retrieves the global rules that trigger additional authentication providers to be invoked.

Get-AdfsApplicationGroup

Gets an application group.

Get-AdfsApplicationPermission

Gets permission for an application.

Get-AdfsAttributeStore

Gets the attribute stores of the Federation Service.

Get-AdfsAuthenticationProvider

Gets a list of all authentication providers in AD FS.

Get-AdfsAuthenticationProviderWebContent

Retrieves web content objects for authentication providers.

Get-AdfsAzureMfaConfigured

Gets whether Azure MFA is enabled.

Get-AdfsCertificate

Retrieves the certificates from AD FS.

Get-AdfsCertificateAuthority

Gets a certificate authority.

Get-AdfsClaimDescription

Gets claim descriptions from the Federation Service.

Get-AdfsClaimsProviderTrust

Gets the claims provider trusts in the Federation Service.

Get-AdfsClaimsProviderTrustsGroup

Gets an AD FS claims provider trust group.

Get-AdfsClient

Retrieves registration information for an OAuth 2.0 client.

Get-AdfsDeviceRegistration

Gets the administrative policies of the Device Registration Service.

Get-AdfsDeviceRegistrationUpnSuffix

Gets the UPN suffixes that can be used with device registration.

Get-AdfsEndpoint

Retrieves an endpoint in AD FS.

Get-AdfsFarmInformation

Gets AD FS behavior level and farm node information.

Get-AdfsGlobalAuthenticationPolicy

Displays the AD FS global policy.

Get-AdfsGlobalWebContent

Gets global web content objects.

Get-AdfsLocalClaimsProviderTrust

Gets local claims provider trusts.

Get-AdfsNativeClientApplication

Gets native client application roles from an application in AD FS.

Get-AdfsNonClaimsAwareRelyingPartyTrust

Gets the properties of a relying party trust for a non-claims-aware web application or service.

Get-AdfsProperties

Gets all the associated properties for the AD FS service.

Get-AdfsRegistrationHosts

The Get-AdfsRegistrationHosts cmdlet is deprecated.

Get-AdfsRelyingPartyTrust

Gets the relying party trusts of the Federation Service.

Get-AdfsRelyingPartyTrustsGroup

Gets a relying party trust group.

Get-AdfsRelyingPartyWebContent

Gets web content objects for relying parties.

Get-AdfsRelyingPartyWebTheme

Gets properties of web themes applied to relying party trusts.

Get-AdfsScopeDescription

Gets a description for a scope in AD FS.

Get-AdfsServerApplication

Gets configuration settings for a server application role for an application in AD FS.

Get-AdfsSslCertificate

Gets the host name, port, and certificate hash for SSL bindings configured for AD FS and the device registration service.

Get-AdfsSyncProperties

Gets synchronization properties for the configuration database of AD FS.

Get-AdfsTrustedFederationPartner

Gets a trusted federation partner in AD FS.

Get-AdfsWebApiApplication

Gets Web API application roles in AD FS.

Get-AdfsWebApplicationProxyRelyingPartyTrust

Gets the relying party trust object for the Web Application Proxy.

Get-AdfsWebConfig

Gets AD FS web customization configuration settings.

Get-AdfsWebTheme

Gets web themes.

Grant-AdfsApplicationPermission

Grants application permission.

Import-AdfsAuthenticationProviderConfigurationData

Imports the custom configuration for an authentication provider.

Import-AdfsWebContent

Imports properties from a resource file into global and relying party web content objects.

Initialize-ADDeviceRegistration

Initializes the Device Registration Service configuration in the Active Directory forest.

Install-AdfsFarm

Creates the first node of a new federation server farm.

Invoke-AdfsFarmBehaviorLevelRaise

Raises the behavior level of a farm.

New-AdfsAccessControlPolicy

Creates an AD FS access control policy.

New-AdfsApplicationGroup

Creates an application group.

New-AdfsAzureMfaTenantCertificate

Creates a certificate for the AD FS farm to use to connect to Azure MFA, or returns the currently configured certificate.

New-AdfsClaimRuleSet

Creates a set of claim rules.

New-AdfsContactPerson

Creates a contact person object.

New-AdfsLdapAttributeToClaimMapping

Creates a mapping between an attribute of an LDAP folder and an AD FS claim type.

New-AdfsLdapServerConnection

Creates a connection object.

New-AdfsOrganization

Creates a new organization information object.

New-AdfsSamlEndpoint

Creates a SAML protocol endpoint object.

New-AdfsWebTheme

Creates an AD FS web theme.

Publish-SslCertificate

The Publish-SslCertificate cmdlet is deprecated.

Register-AdfsAuthenticationProvider

Registers an external authentication provider in AD FS.

Remove-AdfsAccessControlPolicy

Removes an AD FS access control policy.

Remove-AdfsApplicationGroup

Removes an application group.

Remove-AdfsAttributeStore

Removes an attribute store from the Federation Service.

Remove-AdfsAuthenticationProviderWebContent

Removes web content customization of the authentication provider in the user sign-in web pages from AD FS.

Remove-AdfsCertificate

Removes a certificate from AD FS.

Remove-AdfsClaimDescription

Removes a claim description from the Federation Service.

Remove-AdfsClaimsProviderTrust

Removes a claims provider trust from the Federation Service.

Remove-AdfsClaimsProviderTrustsGroup

Removes an AD FS claims provider trust group.

Remove-AdfsClient

Deletes registration information for an OAuth 2.0 client that is currently registered with AD FS.

Remove-AdfsDeviceRegistrationUpnSuffix

Removes a custom UPN suffix.

Remove-AdfsFarmNode

The Remove-AdfsFarmNode cmdlet is deprecated.

Remove-AdfsGlobalWebContent

Removes a global web content object.

Remove-AdfsLocalClaimsProviderTrust

Removes a local claims provider trust.

Remove-AdfsNativeClientApplication

Removes a native client application role from an application in AD FS.

Remove-AdfsNonClaimsAwareRelyingPartyTrust

Removes a relying party trust for a non-claims-aware web application or service from the Federation Service.

Remove-AdfsRelyingPartyTrust

Removes a relying party trust from the Federation Service.

Remove-AdfsRelyingPartyTrustsGroup

Removes a relying party trusts group.

Remove-AdfsRelyingPartyWebContent

Removes a relying party web content object.

Remove-AdfsRelyingPartyWebTheme

Removes a web theme from a relying party.

Remove-AdfsScopeDescription

Removes a scope description in AD FS.

Remove-AdfsServerApplication

Removes a server application role from an application in AD FS.

Remove-AdfsTrustedFederationPartner

Removes a trusted federation partner in AD FS.

Remove-AdfsWebApiApplication

Removes a Web API application role from an application in AD FS.

Remove-AdfsWebApplicationProxyRelyingPartyTrust

Removes the relying party trust object for the Web Application Proxy.

Remove-AdfsWebTheme

Removes a web theme.

Restore-AdfsFarmBehaviorLevel

Restores the farm to a previous behavior level.

Revoke-AdfsApplicationPermission

Revokes permission for an application.

Revoke-AdfsProxyTrust

Revokes trust for all federation server proxies configured for the Federation Service.

Set-AdfsAccessControlPolicy

Modifies an AD FS access control policy.

Set-AdfsAdditionalAuthenticationRule

Sets the global rules that provide the trigger for additional authentication providers to be invoked.

Set-AdfsAlternateTlsClientBinding

Configures an existing AD FS deployment to use the same port for both device certificate and client certificate authentication.

Set-AdfsApplicationGroup

Modifies an application group.

Set-AdfsApplicationPermission

Modifies application permissions.

Set-AdfsAttributeStore

Modifies properties of an attribute store.

Set-AdfsAuthenticationProviderWebContent

Modifies a display name and description.

Set-AdfsAzureMfaTenant

Enables an AD FS farm to use MFA.

Set-AdfsCertificate

Sets the properties of an existing certificate that AD FS uses to sign, decrypt, or secure communications.

Set-AdfsCertificateAuthority

Modifies a certificate authority.

Set-AdfsCertSharingContainer

Sets the account that is used for sharing managed certificates in a federation server farm.

Set-AdfsClaimDescription

Modifies the properties of a claim description.

Set-AdfsClaimsProviderTrust

Sets the properties of a claims provider trust.

Set-AdfsClient

Modifies registration settings for an OAuth 2.0 client registered with AD FS.

Set-AdfsDeviceRegistration

Configures the administrative policies for the Device Registration Service.

Set-AdfsDeviceRegistrationUpnSuffix

Sets the list of UPN suffixes.

Set-AdfsEndpoint

Sets the endpoint on a Web Application Proxy.

Set-AdfsFarmInformation

Removes a stale or offline farm node from the farm information table.

Set-AdfsGlobalAuthenticationPolicy

Modifies the AD FS global policy.

Set-AdfsGlobalWebContent

Sets properties for global web content objects.

Set-AdfsLocalClaimsProviderTrust

Modifies a local claims provider trust.

Set-AdfsNativeClientApplication

Modifies configuration settings for a server native client application role of an application in AD FS.

Set-AdfsNonClaimsAwareRelyingPartyTrust

Sets the properties of a relying party trust for a non-claims-aware web application or service.

Set-AdfsProperties

Sets the properties that control global behaviors in AD FS.

Set-AdfsRegistrationHosts

The Set-AdfsRegistrationHosts cmdlet is deprecated.

Set-AdfsRelyingPartyTrust

Sets the properties of a relying party trust.

Set-AdfsRelyingPartyWebContent

Sets properties for the relying party web content objects.

Set-AdfsRelyingPartyWebTheme

Applies a web theme to a relying party.

Set-AdfsScopeDescription

Modifies a scope description in AD FS.

Set-AdfsServerApplication

Modifies configuration settings for a server application role of an application in AD FS.

Set-AdfsSslCertificate

Sets an SSL certificate for HTTPS bindings for AD FS.

Set-AdfsSyncProperties

Modifies the frequency of synchronization for the AD FS configuration database and which server is primary in the farm.

Set-AdfsTrustedFederationPartner

Modifies configuration settings for trusted federation partners in AD FS.

Set-AdfsWebApiApplication

Modifies configuration settings for a Web API application in AD FS.

Set-AdfsWebApplicationProxyRelyingPartyTrust

Modifies properties of the relying party trust object for the Web Application Proxy.

Set-AdfsWebConfig

Modifies web customization configuration settings.

Set-AdfsWebTheme

Modifies properties of a web theme.

Test-AdfsFarmBehaviorLevelRaise

Tests whether you can raise the behavior level of a farm.

Test-AdfsFarmBehaviorLevelRestore

Tests whether you can restore an AD FS farm to a previous behavior level.

Test-AdfsFarmInstallation

Runs prerequisite checks for installing a new federation server farm.

Test-AdfsFarmJoin

Runs prerequisite checks for adding the server computer to a federation server farm.

Unregister-AdfsAuthenticationProvider

Deletes an external authentication provider from AD FS.

Update-AdfsCertificate

Updates the certificates of AD FS.

Update-AdfsClaimsProviderTrust

Updates the claims provider trust from federation metadata.

Update-AdfsRelyingPartyTrust

Updates the relying party trust from federation metadata.

© 2017 Microsoft