Lead Image © drubig-photo, fotolia.com

Lead Image © drubig-photo, fotolia.com

Automate the Active Directory Federation Services install

One Click

Article from ADMIN 32/2016
By
Installing Active Directory Federation Services is complex and involves several GUIs. For admins entrusted with building a farm, repetitive clicking in various management consoles can become an annoying and error-prone process. The call for automation is loud.

For this article on Active Directory Federation Services (ADFS) automation, I assume the work on Active Directory (AD) and DNS itself is complete and that the SQL Server is installed and available. The service account on the AD – in which context the service runs on each federation server – has no special permissions. However, it must be a member of the local Administrators group on each federation server. You can ensure this with a script or the following command at the prompt:

Net Localgroup administrators KBCORP\ADFSSrv /add

The NetBIOS name of the domain in the examples here is KBCORP , which you will see several times.

If you use multiple federated servers on your farm and want to populate the local administrator's group on the servers centrally and remotely, the Sysinternals PsExec.exe PSTools is a useful choice (Figure 1). In this age of PowerShell remoting and similar features, you have many ways to manage servers remotely, but few are as easy to handle as PSTools [1]. Without registering or installing anything on the target system or elsewhere, you can call PsExec.exe from any folder:

psexec \\adfs1 net localgroup administrators kbcorp\ADFSSrv /add
Figure 1:
...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Lead Image © Helder Almeida, 123RF.com
    Monitoring Active Directory Federation Services
    Problems with ADFS trusts can affect network access for Office 365 or associated partner companies. Fortunately, administrators have various monitoring options.
    more »
  • © Rossella Apostoli, 123RF.com
    The best cmdlets for PowerShell
    Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators.
    more »
  • Top PowerShell Cmdlets

    Windows is no longer the system for mouse pushers. In the latest server version, the default installation installs without a GUI, and management via PowerShell is a part of everyday life for Windows administrators.

    more »
  • Lead Image © Kirill Cherezov, 123RF.com
    Software-defined networking with Windows Server 2016
    Windows Server 2016 takes a big step toward software-defined networking, with the Network Controller server role handling the centralized management, monitoring, and configuration of network devices and virtual networks. This service can also be controlled with PowerShell and is particularly interesting for Hyper-V infrastructures.
    more »
  • Lead Image © mikiel, 123RF.com
    Policy-based DNS in Windows Server 2016
    Inflexible DNS name resolution was solved in Windows Server 2016, thanks to policy-based DNS.
    more »
comments powered by Disqus