Automate the Active Directory Federation Services install

One Click

Office 365 and Other Trusts

If you plan to use the diagnostics module, please note the following: The cmdlet I just looked at, Test-AdfsServerHealth, performs a series of tests to check trust relationships with partners, including Office 365, and the validity of the certificates. You need to pay special attention to this. If the certificates are due to expire in the next 90 days, the cmdlet notifies you and gives you time to respond. If the federation services have problems with an expired certificate, for example, authenticating against partners becomes impossible all of a sudden.

The Test-ADFSServerToken cmdlet is like ping for ADFS, and it checks against Azure Active Directory to see whether a token can be issued and thus whether authentication is okay. This means you do not have to wait for a user to call and tell you that things are going wrong because you can automatically keep an eye on the federation services with any account and password (Get-Credential).

Conclusions

In this article, I took just a little excursion into the possibilities of automating the federation services. Quickly setting up a couple of servers along with a federation service farm is not only less prone to error with the commands I looked at, but it's also faster than using the GUI. The whole thing can be extended of course; after all, many more tasks are involved in establishing federation services. For example, the DNS record for the ADFS service must exist, the ADFS service name must be added as trusted in the Internet Explorer zones, and the load balancer needs to be adapted when you add a node. The commands shown in this article are thus designed to act as an incentive for expanding the features you looked at in your ADFS environment.

Infos