Table of contents
TLS
TOC
Collapse the table of content
Expand the table of content

Set-AdfsDeviceRegistration

Last Updated: 3/8/2017

SYNOPSIS

Configures the administrative policies for the Device Registration Service.

SYNTAX

NumberOfInactiveDays

Set-AdfsDeviceRegistration -MaximumInactiveDays <UInt32> [-AccessControlPolicyName <String>]
 [-AccessControlPolicyParameters <Object>] [-WhatIf] [-Confirm] [<CommonParameters>]

NumberOfDevicesPerUser

Set-AdfsDeviceRegistration -DevicesPerUser <UInt32> [-AccessControlPolicyName <String>]
 [-AccessControlPolicyParameters <Object>] [-WhatIf] [-Confirm] [<CommonParameters>]

ServiceAccountIdentifier

Set-AdfsDeviceRegistration -ServiceAccountIdentifier <String> -Credential <PSCredential>
 [-AccessControlPolicyName <String>] [-AccessControlPolicyParameters <Object>] [-WhatIf] [-Confirm]
 [<CommonParameters>]

IssuanceCertificate

Set-AdfsDeviceRegistration [-IssuanceCertificate] [-AccessControlPolicyName <String>]
 [-AccessControlPolicyParameters <Object>] [-WhatIf] [-Confirm] [<CommonParameters>]

RelyingParty

Set-AdfsDeviceRegistration [-AccessControlPolicyName <String>] [-AccessControlPolicyParameters <Object>]
 [-AllowedAuthenticationClassReferences <String[]>] [-IssuanceAuthorizationRules <String>]
 [-IssuanceAuthorizationRulesFile <String>] [-IssuanceTransformRules <String>]
 [-IssuanceTransformRulesFile <String>] [-AdditionalAuthenticationRules <String>]
 [-AdditionalAuthenticationRulesFile <String>] [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

The Set-AdfsDeviceRegistration cmdlet configures the administrative policies for the Device Registration Service. Use this cmdlet to change the default policies of the Device Registration Service in Active Directory Federation Services (AD FS), such as the maximum number of devices that a user can register.

EXAMPLES

Example 1: Set the number of devices that a user can register

PS C:\> Set-AdfsDeviceRegistration -DevicesPerUser 10

This command sets the number of devices that a user can register to 10.

Example 2: Configure the maximum inactive days for a device

PS C:\> Set-AdfsDeviceRegistration -MaximumInactiveDays 90

This command configures the number of days before the Device Registration Service removes an inactive device object.

Example 3: Set the service account for the Device Registration Service

PS C:\> $Cred = Get-Credential
PS C:\> Set-AdfsDeviceRegistration -ServiceAccountIdentifier "CONTOSO\Svc_adfs" -Credential $Cred

The first command uses the Get-Credential cmdlet to create a credential object for the Active Directory account under which the AD FS service runs. The command stores the credential object in the $Cred variable.

The second command sets the service account that has the ID Svc_adfs. The command specifies the credentials stored in $Cred for the Active Directory account under which the AD FS service runs.

PARAMETERS

-AccessControlPolicyName

Type: String
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-AccessControlPolicyParameters

Type: Object
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-AdditionalAuthenticationRules

Type: String
Parameter Sets: RelyingParty
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-AdditionalAuthenticationRulesFile

Type: String
Parameter Sets: RelyingParty
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllowedAuthenticationClassReferences

Type: String[]
Parameter Sets: RelyingParty
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Credential

Type: PSCredential
Parameter Sets: ServiceAccountIdentifier
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DevicesPerUser

Specifies the maximum number of devices that a user can register.

Type: UInt32
Parameter Sets: NumberOfDevicesPerUser
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-IssuanceAuthorizationRules

Type: String
Parameter Sets: RelyingParty
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-IssuanceAuthorizationRulesFile

Type: String
Parameter Sets: RelyingParty
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-IssuanceCertificate

Indicates that the cmdlet generates and uses a new signing certificate for the Device Registration Service.

Type: SwitchParameter
Parameter Sets: IssuanceCertificate
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-IssuanceTransformRules

Type: String
Parameter Sets: RelyingParty
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-IssuanceTransformRulesFile

Type: String
Parameter Sets: RelyingParty
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-MaximumInactiveDays

Specifies the number of days before a device object is removed because of inactivity.

Type: UInt32
Parameter Sets: NumberOfInactiveDays
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-ServiceAccountIdentifier

Specifies the ID of the service account. The cmdlet grants this account read and write access to the Device Registration Service configuration and containers in Active Directory® Domain Services.

Type: String
Parameter Sets: ServiceAccountIdentifier
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

uint, string, switch

OUTPUTS

NOTES

Disable-AdfsDeviceRegistration

Enable-AdfsDeviceRegistration

Get-AdfsDeviceRegistration

© 2017 Microsoft