Using Windows PowerShell for AD FS 2.0
Applies To: Active Directory Federation Services (AD FS) 2.0
Windows PowerShell is a Windows command-line shell and scripting language that you can use to automate many of the same tasks that you perform in the Windows graphical user interface (GUI). Active Directory Federation Services (AD FS) 2.0 includes a Windows PowerShell extension module that provides cmdlets that can help you control system administration more easily and achieve greater productivity. Each cmdlet is a simple, single-function, command-line tool that you can use to perform tasks in command-line mode or through Windows script or batch files. These are tasks that you might otherwise perform by using the AD FS 2.0 console.
For more information about Windows PowerShell, see Windows PowerShell (https://go.microsoft.com/fwlink/?LinkId=147821).
Tasks that you can perform
The following table contains a list of the cmdlet objects (sorted by name) that AD FS 2.0 supports. The table provides details about the types of tasks that you can use Windows PowerShell to administer in a AD FS 2.0 installation.
| Name | Description | ||
|---|---|---|---|
ADFSAttributeStore |
Use to work with attribute stores. |
||
ADFSCertificate |
Use to work with certificates for signing, decrypting, or securing communications. |
||
ADFSCertSharingContainer |
Use to work with managing certificates in a federation server farm. |
||
ADFSClaimDescription |
Use to work with claim descriptions. |
||
ADFSClaimsProviderTrust |
Use to work with claims provider trusts. |
||
ADFSClaimRuleSet |
Use to work with claim rule sets. |
||
ADFSContactPerson |
Use to work with contact person properties.
|
||
ADFSEndpoint |
Use to work with endpoints. |
||
ADFSOrganization |
Use to work with organizational settings. Note This cmdlet is an auxiliary resource of the ADFSProperties cmdlet. It can be used to set a new organization only within the context of that cmdlet.
|
||
ADFSProperties |
Use to work with service properties. |
||
ADFSProxyCertificate |
Use to work with certificates that proxies use. |
||
ADFSProxyProperties |
Use to work with properties for proxies. |
||
ADFSRelyingPartyTrust |
Use to work with relying parties. |
||
ADFSSamlEndpoint |
Use to work with Security Assertion Markup Language (SAML)-based endpoints. |
||
ADFSSyncProperties |
Use to work with database synchronization properties. |
.gif)
NoteUsing the cmdlets for AD FS 2.0
The Windows PowerShell for AD FS 2.0 snap-in is registered and available for use after you run AD FS 2.0 Setup. To confirm that Windows PowerShell cmdlets for AD FS 2.0 are ready, you can use the following procedure to verify that the AD FS 2.0 snap-in is registered with Windows PowerShell.
To verify that the AD FS 2.0 snap-in is registered with Windows PowerShell
At the Windows PowerShell command prompt, type the following command, and then press ENTER:
Get-PSSnapin –RegisteredIf AD FS 2.0 Setup has been run previously, you should see the following command-line output:
Name : Microsoft.Adfs.PowerShell PSVersion : 1.0 Description : This PowerShell snap-in contains cmdlets used to manage Microsoft Identity Server resources.
After you confirm that the snap-in is registered, you can use the following procedure to add the AD FS 2.0 snap-in to your current Windows PowerShell session to access its cmdlets or you can use it in any of your Windows PowerShell scripts.
To add the AD FS 2.0 snap-in to a Windows PowerShell session
At the Windows PowerShell command prompt, type the following command, and then press ENTER:
Add-PSSnapin Microsoft.Adfs.PowerShell
After the AD FS 2.0 snap-in is added, you can get additional cmdlet Help by using the Windows PowerShell Get-Help cmdlet.
To get Help about the AD FS 2.0 cmdlets for Windows PowerShell
To view a list of all the AD FS 2.0 cmdlets, at the Windows PowerShell command prompt, type the following command, and then press ENTER:
Get-Command *-ADFS*For help about a specific AD FS 2.0 cmdlet, at the Windows PowerShell command prompt, type the following command, and then press ENTER:
Get-Help *-ADFS<object_name>*where
<object_name>is the name of the cmdlet object that you want Help for. For example, to get Help about how to work with AD FS 2.0 properties, type the following command, and then press ENTER:Get-Help *-ADFSProperties*