Set-AdfsDeviceRegistration

Set-AdfsDeviceRegistration

Configures the administrative policies for the Device Registration Service.

Syntax

Parameter Set: IssuanceCertificate
Set-AdfsDeviceRegistration -IssuanceCertificate [-Credential <PSCredential> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: NumberOfDevicesPerUser
Set-AdfsDeviceRegistration -DevicesPerUser <UInt32> [-Credential <PSCredential> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: NumberOfInactiveDays
Set-AdfsDeviceRegistration -MaximumInactiveDays <UInt32> [-Credential <PSCredential> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: ServiceAccountIdentifier
Set-AdfsDeviceRegistration -ServiceAccountIdentifier <String> [-Credential <PSCredential> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Detailed Description

The Set-AdfsDeviceRegistration cmdlet configures the administrative policies for the Device Registration Service. Use this cmdlet to change the default policies of the Device Registration Service in Active Directory Federation Services (AD FS), such as the maximum number of devices that a user can register.

Parameters

-Credential<PSCredential>

Specifies a PSCredential object based on a user name and password. This account must be a member of the Enterprise Admins group. To obtain a PSCredential object, use the Get-Credential cmdlet. For more information, type Get-Help Get-Credential.

-DevicesPerUser<UInt32>

Specifies the maximum number of devices that a user can register.

-IssuanceCertificate

Indicates that the cmdlet generates and uses a new signing certificate for the Device Registration Service.

-MaximumInactiveDays<UInt32>

Specifies the number of days before a device object is removed because of inactivity.

-ServiceAccountIdentifier<String>

Specifies the ID of the service account. The cmdlet grants this account read and write access to the Device Registration Service configuration and containers in Active Directory® Domain Services.

-Confirm

Prompts you for confirmation before running the cmdlet.

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

• uint, string, switch

Outputs

The output type is the type of the objects that the cmdlet emits.

Examples

Example 1: Set the number of devices that a user can register

This command sets the number of devices that a user can register to 10.

PS C:\> Set-AdfsDeviceRegistration -DevicesPerUser 10

Example 2: Configure the maximum inactive days for a device

This command configures the number of days before the Device Registration Service removes an inactive device object.

PS C:\> Set-AdfsDeviceRegistration -MaximumInactiveDays 90

Example 3: Set the service account for the Device Registration Service

The first command uses the Get-Credential cmlet to create a credential object for the Active Directory account under which the AD FS service runs. The command stores the credential object in the $Cred variable.

The second command sets the service account that has the ID Svc_adfs. The command specifies the credentials stored in $Cred for the Active Directory account under which the AD FS service runs.

PS C:\> $Cred = Get-Credential
PS C:\> Set-AdfsDeviceRegistration -ServiceAccountIdentifier "CONTOSO\Svc_adfs" -Credential $Cred 

Related topics

Get-AdfsDeviceRegistration

Disable-AdfsDeviceRegistration

Enable-AdfsDeviceRegistration