Install-AdfsFarm
Creates the first node of a new federation server farm.
Syntax
Parameter Set: ADFSFarmCreateLocalDatabase
Install-AdfsFarm -ServiceAccountCredential <PSCredential> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: __AllParameterSets
Install-AdfsFarm -FederationServiceName <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-FederationServiceDisplayName <String> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: ADFSFarmCreateLocalDatabaseDisableAutoCertRollover
Install-AdfsFarm -DecryptionCertificateThumbprint <String> -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa
Install-AdfsFarm -DecryptionCertificateThumbprint <String> -GroupServiceAccountIdentifier <String> -SigningCertificateThumbprint <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: AdfsFarmCreateLocalDatabaseGmsa
Install-AdfsFarm -GroupServiceAccountIdentifier <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: ADFSFarmCreateSharedDatabase
Install-AdfsFarm -ServiceAccountCredential <PSCredential> -SQLConnectionString <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: ADFSFarmCreateSharedDatabaseDisableAutoCertRollover
Install-AdfsFarm -DecryptionCertificateThumbprint <String> -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> -SQLConnectionString <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa
Install-AdfsFarm -DecryptionCertificateThumbprint <String> -GroupServiceAccountIdentifier <String> -SigningCertificateThumbprint <String> -SQLConnectionString <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: AdfsFarmCreateSharedDatabaseGmsa
Install-AdfsFarm -GroupServiceAccountIdentifier <String> -SQLConnectionString <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Install-AdfsFarm cmdlet creates the first node of a new federation server farm.
Parameters
-CertificateThumbprint<String>
Specifies the value of the certificate thumbprint of the certificate that should be used in the Secure Sockets Layer (SSL) binding of the Default Web Site in Internet Information Services (IIS). This value should match the thumbprint of a valid certificate in the Local Computer certificate store.
Aliases | none
Required? | false
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-Credential<PSCredential>
Specifies a PSCredential object based on a user name and password. To obtain a PSCredential object, use the Get-Credential cmdlet. For more information, type Get-Help Get-Credential. To use this cmdlet, you must supply credentials that have domain administrator privileges.
Aliases | none
Required? | false
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-DecryptionCertificateThumbprint<String>
Specifies the value of the certificate thumbprint of the certificate that should be used for token decryption. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token signing certificate must also be specified using the SigningCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-FederationServiceDisplayName<String>
Specifies the display name of the Federation Service. The name that you specify is the organization for which this Federation Service issues tokens. For instance, you might specify Contoso Corporation. If you do not specify a value for this parameter, the Federation Service uses the value specified by the FederationServiceName parameter.
Aliases | none
Required? | false
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-FederationServiceName<String>
Specifies the DNS name of the federation service. This value must match the subject name of the certificate configured on the SSL binding in IIS.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-GroupServiceAccountIdentifier<String>
Specifies the Group Managed Service Account under which the Active Directory Federation Services (AD FS) service runs.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-OverwriteConfiguration
This parameter must be used to remove an existing Active Directory Federation Services (AD FS) configuration database and overwrite it with a new database.
Aliases | none
Required? | false
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-ServiceAccountCredential<PSCredential>
Specifies the Active Directory account under which the AD FS service runs.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-SigningCertificateThumbprint<String>
Specifies the value of the certificate thumbprint of the certificate that should be used for token signing. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token decryption certificate must also be specified using the DecryptionCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-SQLConnectionString<String>
Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FS installer uses the Windows Internal Database to store configuration settings.
Aliases | none
Required? | true
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-SSLPort<Int32>
Specifies the value of the port number of the SSL binding that the AD FS web site will use.
Aliases | none
Required? | false
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-TlsClientPort<Int32>
Specifies the port number that the AD FS service uses for Transport Layer Security (TLS) authentication for the user certificate client. The default value is 49443.
Aliases | none
Required? | false
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? | false
Position? | named
Default Value | false
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? | false
Position? | named
Default Value | false
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
<CommonParameters>
This cmdlet supports the following common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
Examples
Example 1
Description
Creates the first node in a federation server farm that uses the Windows Internal Database (WID) on the local server computer.
In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.
To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.
PS C:\> $fscredential = Get-Credential
PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential
Example 2
Description
This example creates the first node in a federation server farm that uses a group Managed Service Account as the service account. In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates. To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.
Lists thumbprint values of currently installed certificates.
PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -GroupServiceAccountIdentifier CONTOSO\GroupAccount01
Example 3
Description
Creates the first node in a federation server farm that uses a Microsoft SQL server database on a remote computer named "SQLHost".
In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.
To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.
PS C:\> $fscredential = Get-Credential
PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True"
Example 4
Description
Overwrites an existing AD FS configuration database and creates the first node in a federation server farm that uses a Microsoft SQL server database on a remote computer named "SQLHost".
In this example, certificate thumbprint values are specified for the token signing certificate and for the token encryption certificate using the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters respectively.
PS C:\> $fscredential = Get-Credential
PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" -OverwriteConfiguration -SigningCertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -DecryptionCertificateThumbprint cf2e5064c521d625c8d53536bc98aa8e08f5f2ad
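The parameter descriptions require each thumbprint to match a valid certificate in the Local Computer certificate store, and the federation service name to match the subject of the SSL certificate. A pre-flight check for those conditions follows, added here as an example and not part of the original documentation. Test-AdfsCertificate is a hypothetical helper, and the use of the Personal (My) store is an assumption.

```powershell
# Added example. Test-AdfsCertificate is a hypothetical helper, not an AD FS cmdlet.
function Test-AdfsCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $ExpectedDnsName   # supply only for the SSL certificate
    )
    # Drop whitespace and invisible characters picked up when copying from the certificate UI.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) { throw "Thumbprint '$Thumbprint' is not 40 hex characters." }

    # Assumption: the certificate lives in the Local Computer Personal (My) store.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction SilentlyContinue
    if (-not $cert) { throw "No certificate $clean in Cert:\LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $clean has no private key on this computer." }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $clean is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }
    if ($ExpectedDnsName) {
        # Exact-name comparison; wildcard certificates are not handled here.
        $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        if ($names -notcontains $ExpectedDnsName) {
            throw "Certificate $clean does not cover '$ExpectedDnsName' (names: $($names -join ', '))."
        }
    }
    return $clean
}

# Values below are the ones used in the page's examples.
$fsName     = 'fs.corp.contoso.com'
$ssl        = Test-AdfsCertificate -Thumbprint '8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed' -ExpectedDnsName $fsName
$signing    = Test-AdfsCertificate -Thumbprint '8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed'
$decryption = Test-AdfsCertificate -Thumbprint 'cf2e5064c521d625c8d53536bc98aa8e08f5f2ad'

# -WhatIf shows what the cmdlet would do without running it.
$fscredential = Get-Credential
Install-AdfsFarm -CertificateThumbprint $ssl -FederationServiceName $fsName `
    -ServiceAccountCredential $fscredential `
    -SigningCertificateThumbprint $signing -DecryptionCertificateThumbprint $decryption -WhatIf
```

Because the helper throws on the first failed check, the Install-AdfsFarm call is never reached with a missing, expired, or mismatched certificate.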