Set-AdfsDeviceRegistration

Configures the administrative policies for the Device Registration Service.

Syntax

Set-AdfsDeviceRegistration
   -MaximumInactiveDays <UInt32>
   [-AccessControlPolicyName <String>]
   [-AccessControlPolicyParameters <Object>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AdfsDeviceRegistration
   -DevicesPerUser <UInt32>
   [-AccessControlPolicyName <String>]
   [-AccessControlPolicyParameters <Object>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AdfsDeviceRegistration
   -ServiceAccountIdentifier <String>
   -Credential <PSCredential>
   [-AccessControlPolicyName <String>]
   [-AccessControlPolicyParameters <Object>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AdfsDeviceRegistration
   [-IssuanceCertificate]
   [-AccessControlPolicyName <String>]
   [-AccessControlPolicyParameters <Object>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AdfsDeviceRegistration
   [-AccessControlPolicyName <String>]
   [-AccessControlPolicyParameters <Object>]
   [-AllowedAuthenticationClassReferences <String[]>]
   [-IssuanceAuthorizationRules <String>]
   [-IssuanceAuthorizationRulesFile <String>]
   [-IssuanceTransformRules <String>]
   [-IssuanceTransformRulesFile <String>]
   [-AdditionalAuthenticationRules <String>]
   [-AdditionalAuthenticationRulesFile <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AdfsDeviceRegistration cmdlet configures the administrative policies for the Device Registration Service. Use this cmdlet to change the default policies of the Device Registration Service in Active Directory Federation Services (AD FS), such as the maximum number of devices that a user can register.

Examples

Example 1: Set the number of devices that a user can register

PS C:\> Set-AdfsDeviceRegistration -DevicesPerUser 10

This command sets the number of devices that a user can register to 10.

Example 2: Configure the maximum inactive days for a device

PS C:\> Set-AdfsDeviceRegistration -MaximumInactiveDays 90

This command configures the number of days before the Device Registration Service removes an inactive device object.

Example 3: Set the service account for the Device Registration Service

PS C:\> $Cred = Get-Credential
PS C:\> Set-AdfsDeviceRegistration -ServiceAccountIdentifier "CONTOSO\Svc_adfs" -Credential $Cred

The first command uses the Get-Credential cmdlet to create a credential object for the Active Directory account under which the AD FS service runs. The command stores the credential object in the $Cred variable.

The second command sets the service account that has the ID Svc_adfs. The command specifies the credentials stored in $Cred for the Active Directory account under which the AD FS service runs.

Parameters

-AccessControlPolicyName

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AccessControlPolicyParameters

Type:Object
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AdditionalAuthenticationRules

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AdditionalAuthenticationRulesFile

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AllowedAuthenticationClassReferences

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Credential

Type:PSCredential
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-DevicesPerUser

Specifies the maximum number of devices that a user can register.

Type:UInt32
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-IssuanceAuthorizationRules

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-IssuanceAuthorizationRulesFile

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IssuanceCertificate

Indicates that the cmdlet generates and uses a new signing certificate for the Device Registration Service.

Type:SwitchParameter
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-IssuanceTransformRules

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-IssuanceTransformRulesFile

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MaximumInactiveDays

Specifies the number of days before a device object is removed because of inactivity.

Type:UInt32
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ServiceAccountIdentifier

Specifies the ID of the service account. The cmdlet grants this account read and write access to the Device Registration Service configuration and containers in Active Directory® Domain Services.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

uint, string, switch