AD FS Cmdlets in Windows PowerShell
Applies To: Windows Server 2012 R2 Preview
Windows PowerShell™ is a task-based command-line shell and scripting language designed especially for system administration. This reference documents, for the IT professional, the Windows PowerShell cmdlets that you can use to deploy and administer Active Directory Federation Services (AD FS) in Windows Server® 2012.
With Windows Server 2012, the AD FS server role now includes cmdlets that you can use to perform PowerShell-based deployment within your federated identity installations and environments.
The following table lists all the cmdlets that are available for deploying AD FS in Windows Server 2012.
Cmdlet | Description |
---|---|
| | Adds this computer to an existing federation server farm. |
| | Configures this computer as a federation server proxy. |
| | Generates the SQL scripts that can be used separately to create the AD FS database and to grant permissions. |
| | Creates the first node of a new federation server farm. |
| | Sets up this computer as a stand-alone federation server for evaluation purposes or for a small lab environment. |
In addition to deployment, you can continue to use AD FS cmdlets that were first made available in AD FS 2.0 to perform various administrative, configuration, and diagnostic tasks in your federated identity deployment and environments.
Note
The following cmdlets for getting and setting AD FS configuration properties have been renamed from their original names in AD FS 2.0.
- Get-ADFSProperties has been renamed Get-AdfsConfiguration.
- Get-ADFSProxyProperties has been renamed Get-AdfsProxyConfiguration.
- Get-ADFSSyncProperties has been renamed Get-AdfsSyncConfiguration.
- Set-ADFSProperties has been renamed Set-AdfsConfiguration.
- Set-ADFSProxyProperties has been renamed Set-AdfsProxyConfiguration.
- Set-ADFSSyncProperties has been renamed Set-AdfsSyncConfiguration.
The following table lists all the cmdlets that are available for administering AD FS in Windows Server 2012.
Cmdlet | Description |
---|---|
| | Adds an attribute store to the Federation Service. |
| | Adds a new certificate to the Federation Service for signing, decrypting, or securing communications. |
| | Adds a claim description to the Federation Service. |
| | Adds a new claims provider trust to the Federation Service. |
| | Adds a new relying party trust to the Federation Service. |
| | Disables a claims provider trust in the Federation Service. |
| | Disables an endpoint of the Federation Service. |
| | Disables a relying party trust of the Federation Service. |
| | Enables a claims provider trust in the Federation Service. |
| | Enables an endpoint in the Federation Service. |
| | Enables a relying party trust of the Federation Service. |
| | Gets the attribute stores of the Federation Service. |
| | Gets the certificates that are in the Federation Service. |
| | Gets claim descriptions that are in the Federation Service. |
| | Gets the claims provider trusts in the Federation Service. |
| | Gets the endpoints in the Federation Service. |
| | Gets the configuration properties of the Federation Service. |
| | Gets the configuration properties of the federation server proxy. |
| | Gets the relying party trusts of the Federation Service. |
| | Gets the configuration database synchronization properties of the Federation Service. |
| | Creates a new set of claim rules. |
| | Creates a new contact person object. |
| | Creates a new organization information object. |
| | Creates a new SAML protocol endpoint object. |
| | Removes an attribute store from the Federation Service. |
| | Removes a certificate from the Federation Service. |
| | Removes a claim description from the Federation Service. |
| | Removes a claims provider trust from the Federation Service. |
| | Removes a relying party trust from the Federation Service. |
| | Revokes all proxy trust for the Federation Service. |
| | Sets the properties of the attribute store. |
| | Sets the properties of an existing certificate that the Federation Service uses to sign, decrypt, or secure communications. |
| | Sets the account that is used for sharing managed certificates in a federation server farm. |
| | Sets the properties of an existing claim description. |
| | Sets the properties of a claims provider trust. |
| | Sets the properties of a Federation Service endpoint. |
| | Sets the configuration properties of the Federation Service. |
| | Sets the configuration properties of the federation server proxy. |
| | Sets the properties of a relying party trust. |
| | Sets the properties of the database synchronization engine for the federation server farm. |
| | Updates the certificates of the Federation Service. |
| | Updates the claims provider trust from federation metadata. |
| | Updates the relying party trust from federation metadata. |
To use these cmdlets you must have previously installed the AD FS server role. This can be done using the Add Roles and Features Wizard in Server Manager or optionally, you can use the Install-WindowsFeature AD-Federation-Services cmdlet at a Windows PowerShell prompt to add the role.
Once the role is added, you can list all the cmdlets that are available in the AD FS module by using the Get-Command * -module ADFS cmdlet.
For more information about—or for the syntax for—any of the AD FS cmdlets, use the Get-Help <cmdlet name> cmdlet, where <cmdlet name> is the name of the cmdlet that you want to research. For more detailed information, you can run any of the following cmdlets:
Get-Help <cmdlet name> -Detailed
Get-Help <cmdlet name> -Full
Get-Help <cmdlet name> -Examples
For more information about the AD FS cmdlets, see the following: