AD FS Cmdlets in Windows PowerShell

Windows PowerShell® is a task-based command-line shell and scripting language designed especially for system administration. This reference documents, for IT professionals, the Windows PowerShell cmdlets that you can use to deploy and administer AD FS (Active Directory Federation Services) in Windows Server.

AD FS deployment cmdlets

The AD FS server role now includes cmdlets that you can use to perform Windows PowerShell-based deployment within your federated identity installations and environments.

The following table lists all the cmdlets that are available for deploying AD FS.

Cmdlet Description

Add-AdfsFarmNode

Adds this computer to an existing federation server farm.

Disable-AdfsDeviceRegistration

Marks the Device Registration Service as disabled on an AD FS server.

Enable-AdfsDeviceRegistration

Configures a server in an AD FS farm to host the Device Registration Service.

Export-AdfsDeploymentSQLScript

Generates the SQL scripts that can be used separately to create the AD FS database and to grant permissions.

Initialize-ADDeviceRegistration

Initializes the Device Registration Service configuration in the Active Directory forest.

Install-AdfsFarm

Creates the first node of a new federation server farm.

Publish-SslCertificate

The Publish-SslCertificate cmdlet is deprecated. Instead, use the Set-AdfsSslCertificate cmdlet.

Remove-AdfsFarmNode

The Remove-AdfsFarmNode cmdlet is deprecated. Instead, use the Uninstall-WindowsFeature cmdlet.

Test-AdfsFarmInstallation

Runs prerequisite checks for installing a new federation server farm.

Test-AdfsFarmJoin

Runs prerequisite checks for adding the server computer to a federation server farm.

AD FS administration cmdlets

In addition to deployment, you can continue to use AD FS cmdlets that were first made available in AD FS 2.0 to perform various administrative, configuration, and diagnostic tasks in your federated identity deployment and environments.

The following table lists all the cmdlets that are available for administering AD FS in Windows Server.

Cmdlet Description

Add-AdfsAttributeStore

Adds an attribute store to the Federation Service.

Add-AdfsCertificate

Adds a new certificate to AD FS for signing, decrypting, or securing communications.

Add-AdfsClaimDescription

Adds a claim description to the Federation Service.

Add-AdfsClaimsProviderTrust

Adds a new claims provider trust to the Federation Service.

Add-AdfsClient

Registers an OAuth 2.0 client with AD FS.

Add-AdfsDeviceRegistrationUpnSuffix

Adds a custom UPN suffix.

Add-AdfsNonClaimsAwareRelyingPartyTrust

Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service.

Add-AdfsRelyingPartyTrust

Adds a new relying party trust to the Federation Service.

Add-AdfsWebApplicationProxyRelyingPartyTrust

Adds a relying party trust for the proxy.

Disable-AdfsClaimsProviderTrust

Disables a claims provider trust in the Federation Service.

Disable-AdfsClient

Disables an OAuth 2.0 client that is currently registered with AD FS.

Disable-AdfsEndpoint

Disables an endpoint of AD FS.

Disable-AdfsNonClaimsAwareRelyingPartyTrust

Disables a relying party trust for a non-claims-aware web application or service from the Federation Service.

Disable-AdfsRelyingPartyTrust

Disables a relying party trust of the Federation Service.

Disable-AdfsWebApplicationProxyRelyingPartyTrust

Disables relying party trust for the proxy.

Enable-AdfsClaimsProviderTrust

Enables a claims provider trust in the Federation Service.

Enable-AdfsClient

Enables the use of an OAuth 2.0 client registration by AD FS.

Enable-AdfsEndpoint

Enables an endpoint in AD FS.

Enable-AdfsNonClaimsAwareRelyingPartyTrust

Enables a relying party trust for a non-claims-aware web application or service from the Federation Service.

Enable-AdfsRelyingPartyTrust

Enables a relying party trust of the Federation Service.

Enable-AdfsWebApplicationProxyRelyingPartyTrust

Enables the relying party trust object for the web application proxy.

Export-AdfsAuthenticationProviderConfigurationData

Exports the custom configuration of an external authentication provider to a file.

Export-AdfsWebContent

Exports properties of all web content objects in a specific locale to a specified file.

Export-AdfsWebTheme

Exports a web theme to a folder.

Get-AdfsAdditionalAuthenticationRule

Retrieves the global rules that trigger additional authentication providers to be invoked.

Get-AdfsAttributeStore

Gets the attribute stores of the Federation Service.

Get-AdfsAuthenticationProvider

Gets a list of all authentication providers in AD FS.

Get-AdfsAuthenticationProviderWebContent

Retrieves web content objects for authentication providers.

Get-AdfsCertificate

Retrieves the certificates from AD FS.

Get-AdfsClaimDescription

Gets claim descriptions from the Federation Service.

Get-AdfsClaimsProviderTrust

Gets the claims provider trusts in the Federation Service.

Get-AdfsClient

Retrieves registration information for an OAuth 2.0 client.

Get-AdfsDeviceRegistration

Gets the administrative policies of the Device Registration Service.

Get-AdfsDeviceRegistrationUpnSuffix

Gets the UPN suffixes that can be used with device registration.

Get-AdfsEndpoint

Retrieves an endpoint in AD FS.

Get-AdfsGlobalAuthenticationPolicy

Displays the AD FS global policy.

Get-AdfsGlobalWebContent

Gets global web content objects.

Get-AdfsNonClaimsAwareRelyingPartyTrust

Gets the properties of a relying party trust for a non-claims-aware web application or service.

Get-AdfsProperties

Gets all the associated properties for the AD FS service.

Get-AdfsRegistrationHosts

The Get-AdfsRegistrationHosts cmdlet is deprecated. Instead, use the Get-AdfsDeviceRegistrationUpnSuffix cmdlet.

Get-AdfsRelyingPartyTrust

Gets the relying party trusts of the Federation Service.

Get-AdfsRelyingPartyWebContent

Gets web content objects for relying parties.

Get-AdfsSslCertificate

Gets the host name, port, and certificate hash for SSL bindings configured for AD FS and the device registration service.

Get-AdfsSyncProperties

Gets synchronization properties for the configuration database of AD FS.

Get-AdfsWebApplicationProxyRelyingPartyTrust

Gets the relying party trust object for Web Application Proxy.

Get-AdfsWebConfig

Gets AD FS web customization configuration settings.

Get-AdfsWebTheme

Gets web themes.

Import-AdfsAuthenticationProviderConfigurationData

Imports the custom configuration for an authentication provider.

Import-AdfsWebContent

Imports properties from a resource file into global and relying party web content objects.

New-AdfsClaimRuleSet

Creates a set of claim rules.

New-AdfsContactPerson

Creates a contact person object.

New-AdfsOrganization

Creates a new organization information object.

New-AdfsSamlEndpoint

Creates a SAML protocol endpoint object.

New-AdfsWebTheme

Creates an AD FS web theme.

Register-AdfsAuthenticationProvider

Registers an external authentication provider in AD FS.

Remove-AdfsAttributeStore

Removes an attribute store from the Federation Service.

Remove-AdfsAuthenticationProviderWebContent

Removes web content customization of the authentication provider in the user sign-in web pages from AD FS.

Remove-AdfsCertificate

Removes a certificate from AD FS.

Remove-AdfsClaimDescription

Removes a claim description from the Federation Service.

Remove-AdfsClaimsProviderTrust

Removes a claims provider trust from the Federation Service.

Remove-AdfsClient

Deletes registration information for an OAuth 2.0 client that is currently registered with AD FS.

Remove-AdfsDeviceRegistrationUpnSuffix

Removes a custom UPN suffix.

Remove-AdfsGlobalWebContent

Removes a global web content object.

Remove-AdfsNonClaimsAwareRelyingPartyTrust

Removes a relying party trust for a non-claims-aware web application or service from the Federation Service.

Remove-AdfsRelyingPartyTrust

Removes a relying party trust from the Federation Service.

Remove-AdfsRelyingPartyWebContent

Removes a relying party web content object.

Remove-AdfsWebApplicationProxyRelyingPartyTrust

Removes the relying party trust object for the proxy.

Remove-AdfsWebTheme

Removes a web theme.

Revoke-AdfsProxyTrust

Revokes trust for all proxies configured for the Federation Service.

Set-AdfsAdditionalAuthenticationRule

Sets the global rules that provide the trigger for additional authentication providers to be invoked.

Set-AdfsAttributeStore

Modifies properties of an attribute store.

Set-AdfsAuthenticationProviderWebContent

Modifies a display name and description.

Set-AdfsCertificate

Sets the properties of an existing certificate that AD FS uses to sign, decrypt, or secure communications.

Set-AdfsCertSharingContainer

Sets the account that is used for sharing managed certificates in a federation server farm.

Set-AdfsClaimDescription

Modifies the properties of a claim description.

Set-AdfsClaimsProviderTrust

Sets the properties of a claims provider trust.

Set-AdfsClient

Modifies registration settings for an OAuth 2.0 client registered with AD FS.

Set-AdfsDeviceRegistration

Configures the administrative policies for the Device Registration Service.

Set-AdfsDeviceRegistrationUpnSuffix

Sets the list of UPN suffixes.

Set-AdfsEndpoint

Sets the endpoint on a Web Application Proxy.

Set-AdfsGlobalAuthenticationPolicy

Modifies the AD FS global policy.

Set-AdfsGlobalWebContent

Sets properties for global web content objects.

Set-AdfsNonClaimsAwareRelyingPartyTrust

Sets the properties of a relying party trust for a non-claims-aware web application or service.

Set-AdfsProperties

Sets the properties that control global behaviors in AD FS.

Set-AdfsRegistrationHosts

The Set-AdfsRegistrationHosts cmdlet is deprecated. Instead, use the Set-AdfsDeviceRegistrationUpnSuffix cmdlet.

Set-AdfsRelyingPartyTrust

Sets the properties of a relying party trust.

Set-AdfsRelyingPartyWebContent

Sets properties for the relying party web content objects.

Set-AdfsSslCertificate

Sets an SSL certificate for HTTPS bindings for AD FS and the device registration service.

Set-AdfsSyncProperties

Modifies the frequency of synchronization for AD FS configuration database and which server is primary in the farm.

Set-AdfsWebApplicationProxyRelyingPartyTrust

Modifies properties of the relying party trust object for Web Application Proxy.

Set-AdfsWebConfig

Modifies web customization configuration settings.

Set-AdfsWebTheme

Modifies properties of a web theme.

Unregister-AdfsAuthenticationProvider

Deletes an external authentication provider from AD FS.

Update-AdfsCertificate

Updates the certificates of AD FS.

Update-AdfsClaimsProviderTrust

Updates the claims provider trust from federation metadata.

Update-AdfsRelyingPartyTrust

Updates the relying party trust from federation metadata.

To use these cmdlets, you must first install the AD FS server role. You can do this with the Add Roles and Features Wizard in Server Manager or, alternatively, by running the Install-WindowsFeature AD-Federation-Services cmdlet at a Windows PowerShell prompt.

Once the role is added, you can list all the cmdlets that are available in the AD FS module by using the Get-Command * -module ADFS cmdlet.

For more information about any of the AD FS cmdlets, including its syntax, use the Get-Help <cmdlet name> cmdlet, where <cmdlet name> is the name of the cmdlet that you want to research. For more detailed information, you can run any of the following cmdlets:

  • Get-Help <cmdlet name> -Detailed

  • Get-Help <cmdlet name> -Full

  • Get-Help <cmdlet name> -Examples

More information

For more information about the AD FS cmdlets, see the following: