In this article I want to describe the few steps needed to install an AD FS farm with PowerShell.
AD FS Farm Installation
- Install AD FS Role
Install-WindowsFeature ADFS-Federation
- Import the certificate you want AD FS to use later. Import-PfxCertificate takes the password as a SecureString; certutil -p expects a plain-text password, so passing it the SecureString from Read-Host does not work.
$password = Read-Host -AsSecureString -Prompt "PFX password"
Import-PfxCertificate -FilePath C:\install\certificate.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $password
- Verify that the certificate was installed successfully and that the private key came with it (HasPrivateKey must be True); note the thumbprint, you need it in the next step
dir Cert:\LocalMachine\My | Format-Table Subject, Thumbprint, NotAfter, HasPrivateKey
- Add the first AD FS node. The examples use a SQL Server configuration database; if you use WID, omit the -SQLConnectionString parameter.
- If you use a domain account
$ADFSCred = Get-Credential "domain\sa-adfs"
Install-AdfsFarm -CertificateThumbprint "0000000011111122222233333344444444555555" -FederationServiceDisplayName "ADFS Company Name" -FederationServiceName "adfs.domain.ch" -ServiceAccountCredential $ADFSCred -SQLConnectionString "Data Source=SQL;Integrated Security=True"
- If you use a Group Managed Service Account (recommended: its password is managed and rotated by Active Directory, so there is no service account password to store)
Install-AdfsFarm -CertificateThumbprint "0000000011111122222233333344444444555555" -FederationServiceDisplayName "ADFS Company Name" -FederationServiceName "adfs.domain.ch" -GroupServiceAccountIdentifier "DOMAIN\GMSA-Adfs$" -SQLConnectionString "Data Source=SQL;Integrated Security=True"
- To add an additional server to the farm, go to the second server, repeat the first three steps (install the role, import the certificate, verify it) and then continue with this step. With a SQL configuration database the node reads the farm configuration from SQL; with WID, replace -SQLConnectionString by -PrimaryComputerName <first node> instead.
- If you use a domain account
$ADFSCred = Get-Credential "domain\sa-adfs"
Add-AdfsFarmNode -ServiceAccountCredential $ADFSCred -CertificateThumbprint "0000000011111122222233333344444444555555" -SQLConnectionString "Data Source=SQL;Integrated Security=True"
- If you use a Group Managed Service Account
Add-AdfsFarmNode -GroupServiceAccountIdentifier "domain\GMSA-Adfs$" -CertificateThumbprint "0000000011111122222233333344444444555555" -SQLConnectionString "Data Source=SQL;Integrated Security=True"
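The steps above as one script, added here as an example and not code from the original post. It installs the first node by default or joins an existing farm with -JoinExisting, using the gMSA and SQL variant; it derives the thumbprint from the imported certificate instead of pasting it, checks that the certificate actually covers the federation service name, runs the read-only pre-flight cmdlets (Test-AdfsFarmInstallation / Test-AdfsFarmJoin) before changing anything, and verifies the service and the HTTP.sys binding afterwards. The service name, display name, PFX path, gMSA and connection string are the placeholder values from the post and are assumptions to replace with your own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): first-node install or farm join with a gMSA and SQL.
# All defaults below are placeholders taken from the post; replace them with your own values.
param(
    [string]$FederationServiceName = 'adfs.domain.ch',
    [string]$DisplayName           = 'ADFS Company Name',
    [string]$PfxPath               = 'C:\install\certificate.pfx',
    [string]$GmsaIdentifier        = 'DOMAIN\GMSA-Adfs$',
    [string]$SqlConnectionString   = 'Data Source=SQL;Integrated Security=True',
    [switch]$JoinExisting
)
$ErrorActionPreference = 'Stop'

# Step 1: role. Stop if the feature installation left a pending reboot.
$feature = Install-WindowsFeature ADFS-Federation -IncludeManagementTools
if ($feature.RestartNeeded -eq 'Yes') { throw 'Reboot required before AD FS can be configured.' }

# Step 2: certificate. Import-PfxCertificate takes the SecureString directly, so the PFX
# password never appears in clear text on the command line or in the PowerShell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $PfxPath -Password $pfxPassword -CertStoreLocation 'Cert:\LocalMachine\My' |
        Where-Object HasPrivateKey | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key was imported from $PfxPath" }

# Step 3: verify what was imported rather than only listing the store: not about to expire,
# and the federation service name must be in the subject CN or the subjectAltName extension.
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "Certificate expires on $($cert.NotAfter)" }
$dnsNames = @($cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false))
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName
if ($sanExt) { $dnsNames += ($sanExt.Format($false) -split ',\s*') -replace '^DNS Name=', '' }
if ($dnsNames -notcontains $FederationServiceName) {
    throw "Certificate covers [$($dnsNames -join ', ')] but not $FederationServiceName"
}
Write-Host "Using certificate $($cert.Thumbprint) ($($cert.Subject))"

# Optional: warn early if this host is not allowed to retrieve the gMSA password
# (PrincipalsAllowedToRetrieveManagedPassword). Needs the AD PowerShell module (RSAT).
if (Get-Command Test-ADServiceAccount -ErrorAction SilentlyContinue) {
    $gmsaName = ($GmsaIdentifier -split '\\')[-1].TrimEnd('$')
    if (-not (Test-ADServiceAccount -Identity $gmsaName)) {
        Write-Warning "This host cannot use $gmsaName yet; check PrincipalsAllowedToRetrieveManagedPassword"
    }
}

# Parameters shared by install and join; the thumbprint comes from the import above.
# For a WID farm drop SQLConnectionString and pass -PrimaryComputerName on the join instead.
$common = @{
    CertificateThumbprint         = $cert.Thumbprint
    GroupServiceAccountIdentifier = $GmsaIdentifier
    SQLConnectionString           = $SqlConnectionString
}

if ($JoinExisting) {
    # Step 4b: additional node. Test-AdfsFarmJoin runs the prerequisite checks without changing anything.
    $check = Test-AdfsFarmJoin @common
    Write-Host $check.Message
    if ($check.Status -ne 'Success') { throw 'Pre-flight check for Add-AdfsFarmNode failed' }
    $result = Add-AdfsFarmNode @common
} else {
    # Step 4a: first node. Test-AdfsFarmInstallation is the dry run of Install-AdfsFarm.
    $common.FederationServiceName        = $FederationServiceName
    $common.FederationServiceDisplayName = $DisplayName
    $check = Test-AdfsFarmInstallation @common
    Write-Host $check.Message
    if ($check.Status -ne 'Success') { throw 'Pre-flight check for Install-AdfsFarm failed' }
    $result = Install-AdfsFarm @common
}
Write-Host "Result: $($result.Status) - $($result.Message)"

# Step 5: post-checks on this node: service up, HTTP.sys bound to the imported certificate,
# and the federation metadata document served (needs DNS or a hosts entry for the service name).
$svc = Get-Service adfssrv
if ($svc.Status -ne 'Running') { throw "adfssrv is $($svc.Status)" }
$ssl = Get-AdfsSslCertificate | Where-Object { $_.CertificateHash -eq $cert.Thumbprint }
if (-not $ssl) { throw 'HTTP.sys binding does not use the imported certificate' }
Get-AdfsProperties | Select-Object HostName, Identifier, DisplayName
try {
    $meta = Invoke-WebRequest -UseBasicParsing -Uri "https://$FederationServiceName/FederationMetadata/2007-06/FederationMetadata.xml"
    Write-Host "Federation metadata reachable, HTTP $($meta.StatusCode)"
} catch {
    Write-Warning "Metadata endpoint not reachable yet: $($_.Exception.Message)"
}
```

Run it once on the first server, then with -JoinExisting on every additional server after copying the same PFX there. Keep the PFX and its password out of the install share once the import has succeeded; the private key now lives in the machine store and AD FS grants the gMSA read access to it during Install-AdfsFarm.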