Install-AdfsFarm

Windows Server 2012 R2 and Windows 8.1

Install-AdfsFarm

Creates the first node of a new federation server farm.

Sintaxis

Parameter Set: ADFSFarmCreateLocalDatabase
Install-AdfsFarm -ServiceAccountCredential <PSCredential> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: __AllParameterSets
Install-AdfsFarm -FederationServiceName <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-FederationServiceDisplayName <String> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: ADFSFarmCreateLocalDatabaseDisableAutoCertRollover
Install-AdfsFarm -DecryptionCertificateThumbprint <String> -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: AdfsFarmCreateLocalDatabaseDisableAutoCertRolloverGmsa
Install-AdfsFarm -DecryptionCertificateThumbprint <String> -GroupServiceAccountIdentifier <String> -SigningCertificateThumbprint <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: AdfsFarmCreateLocalDatabaseGmsa
Install-AdfsFarm -GroupServiceAccountIdentifier <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: ADFSFarmCreateSharedDatabase
Install-AdfsFarm -ServiceAccountCredential <PSCredential> -SQLConnectionString <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: ADFSFarmCreateSharedDatabaseDisableAutoCertRollover
Install-AdfsFarm -DecryptionCertificateThumbprint <String> -ServiceAccountCredential <PSCredential> -SigningCertificateThumbprint <String> -SQLConnectionString <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: AdfsFarmCreateSharedDatabaseDisableAutoCertRolloverGmsa
Install-AdfsFarm -DecryptionCertificateThumbprint <String> -GroupServiceAccountIdentifier <String> -SigningCertificateThumbprint <String> -SQLConnectionString <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: AdfsFarmCreateSharedDatabaseGmsa
Install-AdfsFarm -GroupServiceAccountIdentifier <String> -SQLConnectionString <String> [-CertificateThumbprint <String> ] [-Credential <PSCredential> ] [-OverwriteConfiguration] [-SSLPort <Int32> ] [-TlsClientPort <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]




Descripción detallada

The Install-AdfsFarm cmdlet creates the first node of a new federation server farm.

Parámetros

-CertificateThumbprint<String>

Specifies the value of the certificate thumbprint of the certificate that should be used in the Secure Sockets Layer (SSL) binding of the Default Web Site in Internet Information Services (IIS). This value should match the thumbprint of a valid certificate in the Local Computer certificate store.


Alias

ninguno

¿Requerido?

false

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-Credential<PSCredential>

Specifies a PSCredential object based on a user name and password. To obtain a PSCredential object, use the Get-Credential cmdlet. For more information, type Get-Help Get-Credential. To use this cmdlet, you must supply credentials that have domain administrator privileges.


Alias

ninguno

¿Requerido?

false

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-DecryptionCertificateThumbprint<String>

Specifies the value of the certificate thumbprint of the certificate that should be used for token decryption. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token signing certificate must also be specified using the SigningCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.


Alias

ninguno

¿Requerido?

true

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-FederationServiceDisplayName<String>

Specifies the display name of the Federation Service. The name that you specify is the organization for which this Federation Service issues tokens. For instance, you might specify Contoso Corporation. If you do not specify a value for this parameter, the Federation Service uses the value specified by the FederationServiceName parameter.


Alias

ninguno

¿Requerido?

false

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-FederationServiceName<String>

Specifies the DNS name of the federation service. This value must match the subject name of the certificate configured on the SSL binding in IIS.


Alias

ninguno

¿Requerido?

true

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-GroupServiceAccountIdentifier<String>

Specifies the Group Managed Service Account under which the Servicios de federación de Active Directory (AD FS) service runs.


Alias

ninguno

¿Requerido?

true

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-OverwriteConfiguration

This parameter must be used to remove an existing Servicios de federación de Active Directory (AD FS) configuration database and overwrite it with a new database.


Alias

ninguno

¿Requerido?

false

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-ServiceAccountCredential<PSCredential>

Specifies the Active Directory account under which the AD FS service runs.


Alias

ninguno

¿Requerido?

true

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-SigningCertificateThumbprint<String>

Specifies the value of the certificate thumbprint of the certificate that should be used for token signing. If this parameter is used, the automatic certificate rollover feature will be disabled, and a token decryption certificate must also be specified using the DecryptionCertificateThumbprint parameter. This value should match the thumbprint of a valid certificate in the Local Computer certificate store.


Alias

ninguno

¿Requerido?

true

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-SQLConnectionString<String>

Specifies the SQL Server database that will store the AD FS configuration settings. If not specified, the AD FS installer uses the Windows Internal Database to store configuration settings.


Alias

ninguno

¿Requerido?

true

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-SSLPort<Int32>

Specifies the value of the port number of the SSL binding that the AD FS web site will use.


Alias

ninguno

¿Requerido?

false

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-TlsClientPort<Int32>

Specifies the port number that the AD FS service uses for Transport Layer Security (TLS) authentication for the user certificate client. The default value is 49443.


Alias

ninguno

¿Requerido?

false

¿Posición?

named

Valor predeterminado

ninguno

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-Confirm

Solicita confirmación antes de ejecutar el cmdlet.


¿Requerido?

false

¿Posición?

named

Valor predeterminado

falso

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

-WhatIf

Muestra lo que sucedería si se ejecutara el cmdlet. El cmdlet no se ejecuta.


¿Requerido?

false

¿Posición?

named

Valor predeterminado

falso

¿Aceptar canalización?

false

¿Aceptar caracteres comodín?

false

<CommonParameters>

Este cmdlet admite los siguientes parámetros comunes: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer y -OutVariable. Para obtener más información, consulte about_CommonParameters (http://go.microsoft.com/fwlink/p/?LinkID=113216).

Entradas

El tipo de entrada es el tipo de los objetos que se pueden canalizar al cmdlet.

Salidas

El tipo de resultado es el tipo de objetos que emite el cmdlet.

Ejemplos

Example 1

Description

Creates the first node in a federation server farm that uses the Windows Internal Database (WID) on the local server computer.

In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.

To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.


PS C:\> $fscredential = Get-Credential
PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential

Example 2

Description

This example creates the first node in a federation server farm that uses a group Managed Service Account as the service account. In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters

Lists thumbprint values of currently installed certificates.


PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -GroupServiceAccountIdentifier CONTOSO\GroupAccount01

Example 3

Description

-----------

Creates the first node in a federation server farm that uses a Microsoft SQL server database on a remote computer named "SQLHost".

In this example, a certificate thumbprint value is supplied for the CertificateThumbprint parameter. This certificate will be used as the SSL certificate and the service communications certificate. Automatically generated, self-signed certificates will be used for the token signing and token decryption certificates.

To specify certificates for token signing and token decryption, specify thumbprint values for the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters.


PS C:\> $fscredential = Get-Credential
PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True"

Example 4

Description

-----------

Overwrites an existing AD FS configuration database and creates the first node in a federation server farm that uses a Microsoft SQL server database on a remote computer named "SQLHost".

In this example, certificate thumbprint values are specified for the token signing certificate and for the token encryption certificate using the SigningCertificateThumbprint and DecryptionCertificateThumbprint parameters respectively.


PS C:\> $fscredential = Get-Credential
PS C:\> Install-AdfsFarm -CertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -FederationServiceName fs.corp.contoso.com -ServiceAccountCredential $fscredential -SQLConnectionString "Data Source=SQLHost;Integrated Security=True" -OverwriteConfiguration -SigningCertificateThumbprint 8169c52b4ec6e77eb2ae17f028fe5da4e35c0bed -DecryptionCertificateThumbprint cf2e5064c521d625c8d53536bc98aa8e08f5f2ad

Adiciones de comunidad

AGREGAR
Mostrar: