In this article I want to describe the few steps needed to install an AD FS farm with PowerShell.

AD FS Farm Installation

  1. Install AD FS Role
    Install-WindowsFeature ADFS-Federation
  2. Import the certificate you want to use later for AD FS into the machine store (the password is read as a SecureString, which Import-PfxCertificate accepts directly; certutil would need it in plain text)
    $password = Read-Host -Prompt "PFX password" -AsSecureString
    Import-PfxCertificate -FilePath C:\install\certificate.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $password
  3. Verify that the certificate was installed successfully
    dir cert:\LocalMachine\My
  4. Add the first AD FS node (this example uses SQL instead of WID; if you use WID, omit the -SQLConnectionString parameter)
    1. If you use a domain account
      $ADFSCred = Get-Credential "domain\sa-adfs"
      Install-AdfsFarm -CertificateThumbprint "0000000011111122222233333344444444555555" -FederationServiceDisplayName "ADFS Company Name" -FederationServiceName "adfs.domain.ch" -ServiceAccountCredential $ADFSCred -SQLConnectionString "Data Source=SQL;Integrated Security=True"
    2. If you use a Group Managed Service Account
      Install-AdfsFarm -CertificateThumbprint "0000000011111122222233333344444444555555" -FederationServiceDisplayName "ADFS Company Name" -FederationServiceName "adfs.domain.ch" -GroupServiceAccountIdentifier "DOMAIN\GMSA-Adfs$" -SQLConnectionString "Data Source=SQL;Integrated Security=True"
  5. To add an additional server to the farm, go to the second server, run steps 1-3 there and then continue with this step
    1. If you use a domain account
      $ADFSCred = Get-Credential "domain\sa-adfs"
      Add-AdfsFarmNode -ServiceAccountCredential $ADFSCred -PrimaryComputerName ADFSSERVER1 -CertificateThumbprint "0000000011111122222233333344444444555555" -SQLConnectionString "Data Source=SQL;Integrated Security=True"
    2. If you use a Group Managed Service Account
      Add-AdfsFarmNode -GroupServiceAccountIdentifier "domain\GMSA-Adfs$" -CertificateThumbprint "0000000011111122222233333344444444555555" -SQLConnectionString "Data Source=SQL;Integrated Security=True"
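The same procedure as one script, written as an added example (not the author's own commands): it runs steps 1 to 4 on the first node, or steps 1 to 3 plus step 5 on a second node, and replaces the "look at dir cert:" check with a real verification that the imported certificate has a private key, is not about to expire and actually covers the federation service name, so the thumbprint is taken from the verified certificate instead of being pasted in. The prerequisite checks use Test-AdfsFarmInstallation / Test-AdfsFarmJoin before anything is changed. The names, paths, account and SQL server below are assumptions taken from the article's placeholders.

```powershell
# Added example, not the article's original commands. All names below are assumptions.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$joinExistingFarm = $false                                 # $true on the second and later nodes
$fsName           = 'adfs.domain.ch'                       # federation service name (assumed)
$displayName      = 'ADFS Company Name'
$pfxPath          = 'C:\install\certificate.pfx'           # assumed path
$gmsa             = 'DOMAIN\GMSA-Adfs$'                    # assumed gMSA; must already exist in AD and
                                                           # this host must be allowed to retrieve its password
$sqlConn          = 'Data Source=SQL;Integrated Security=True'  # assumed SQL server; drop for WID

# Step 1: the role plus the ADFS PowerShell module
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools

# Step 2: import the PFX; the SecureString is handed to Import-PfxCertificate directly,
# so the password never appears on a command line or in the PowerShell history
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation 'Cert:\LocalMachine\My' -Password $pfxPassword |
        Where-Object HasPrivateKey | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key was found in $pfxPath" }

# Step 3: verify the certificate is usable for this service name instead of just listing the store
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "Certificate $($cert.Thumbprint) expires on $($cert.NotAfter); do not build the farm on it"
}
$sanNames = @($cert.DnsNameList.Unicode)                   # SAN entries, e.g. adfs.domain.ch or *.domain.ch
$covered  = $sanNames | Where-Object { $fsName -like $_ }  # -like handles exact and wildcard entries
if (-not $covered) {
    throw "Certificate SAN list ($($sanNames -join ', ')) does not cover $fsName"
}
$thumbprint = $cert.Thumbprint                             # taken from the verified object, never pasted

if (-not $joinExistingFarm) {
    # Step 4: first node. Test-AdfsFarmInstallation takes the same parameters as Install-AdfsFarm
    # and reports missing prerequisites (SPN, gMSA access, SQL reachability) without changing anything.
    $farmParams = @{
        CertificateThumbprint         = $thumbprint
        FederationServiceName         = $fsName
        FederationServiceDisplayName  = $displayName
        GroupServiceAccountIdentifier = $gmsa
        SQLConnectionString           = $sqlConn           # remove this key to use WID
    }
    Test-AdfsFarmInstallation @farmParams
    Install-AdfsFarm @farmParams
}
else {
    # Step 5: additional node joining the SQL-backed farm (steps 1-3 above already ran on this host)
    $joinParams = @{
        CertificateThumbprint         = $thumbprint
        GroupServiceAccountIdentifier = $gmsa
        SQLConnectionString           = $sqlConn
    }
    Test-AdfsFarmJoin @joinParams
    Add-AdfsFarmNode @joinParams
}

# Post-check: the service should now report the configured name and display name
Get-AdfsProperties | Select-Object HostName, DisplayName
```

If you use a domain account instead of a gMSA, replace the GroupServiceAccountIdentifier entry in the hashtables with `ServiceAccountCredential = (Get-Credential 'domain\sa-adfs')`; the Test-* cmdlets accept that parameter as well.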