...

  • Microsoft AD FS v3 or higher
  • Local administrator privileges to schedule privileged jobs
  • AD FS administrator-level permissions to run PowerShell commands
  • Acceptance of the security considerations of running PowerShell code retrieved from Microsoft’s PowerShellGallery.com

While not a firm requirement, we strongly suggest performing the installation in a test AD FS environment before installing in production. You should be aware that after installation, you will see a few thousand trusts displayed within the administration toolset, AD FS-Microsoft Management Console (MMC).

...

PowerShell 
 
Install-Module -Name ADFSToolkit

If this is your first time installing items from PowerShell Gallery, you may see this:
 

...

C:\Program Files\WindowsPowerShell\Modules\ADFSToolkit\[version #]

Bootstrapping Trust Explained

...

PowerShell Hint: Use this to see ADFS Toolkit’s Module base directory 
 
(Get-Module -Name ADFSToolkit).ModuleBase


In addition, a new directory will be created on disk here: C:\ADFS Toolkit\. This directory contains the Task Scheduler job sync-ADFSTkAggregates.ps1, which permits one or more aggregates to be loaded (or re-loaded) with a single command.
Each subsequent run of the “New-ADFSTkConfiguration” command in PowerShell will append a command to load that aggregate to the sync-ADFSTkAggregates.ps1 PowerShell script.

...

  • Back up the C:\ADFS Toolkit directory
  • Create a system snapshot/recovery point to return to
  • Disable/suspend the ADFS Toolkit scheduled job
  • Issue ‘Update-Module ADFSToolkit’
    • When Update-Module is run, it will attempt to detect if there is a newer version available from PowerShellGallery.com and download it.
    • Note that each module is downloaded into its own directory containing the version number of the script. ADFS Toolkit will not run properly with more than one version available, so once the new version is confirmed on disk and available, we recommend moving the older version out of the PowerShell path so that only the latest version is available.
  • Migrate existing configuration file and related cache files
    • This is possible, but if you hand-edited the settings before, you need to re-apply the changes after migrating the configuration to the new format. There are two ways to do this:
      • Create the configuration as if it were new, entering your old answers by hand
      • Take advantage of the pipelining features of New-ADFSTkConfiguration, which can ingest your existing configuration and bring many of the existing settings into the new format. You still need to inspect for any hand edits to be applied, however.

Example of pipelining your old configuration into the new is below:

"C:\ADFSToolkit\0.9.1.48\config\config.CAFSWAMID.xml" | New-ADFSTkConfiguration
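
For the upgrade step above that recommends leaving only the latest version on the PowerShell path, the following is an added example (not part of the ADFS Toolkit project) that lists every installed copy of the module and moves all but the newest into a holding directory. The function name and the holding directory are assumptions; run it only after the scheduled job has been suspended and the new version is confirmed on disk.

```powershell
# Added example: keep only the newest ADFSToolkit version on the module path.
# Function name and holding directory are assumptions, not defined by the toolkit.
function Move-OldADFSToolkitVersion {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ModuleName  = 'ADFSToolkit',
        [string]$HoldingPath = 'C:\ADFSToolkit-OldVersions'   # assumed location
    )

    # Every copy PowerShell can discover on $env:PSModulePath, newest first.
    $installed = @(Get-Module -ListAvailable -Name $ModuleName |
        Sort-Object -Property Version -Descending)

    if ($installed.Count -eq 0) {
        Write-Warning "$ModuleName was not found on the module path."
        return
    }

    $current = $installed[0]
    Write-Verbose "Keeping $ModuleName $($current.Version) at $($current.ModuleBase)"
    if ($installed.Count -eq 1) { return $current }

    # The holding directory must sit outside the module path, otherwise the
    # old versions would still be discoverable and loadable.
    $target = $HoldingPath.TrimEnd('\')
    $onPath = $env:PSModulePath -split ';' | Where-Object {
        $_ -and $target.StartsWith($_.TrimEnd('\'), [System.StringComparison]::OrdinalIgnoreCase)
    }
    if ($onPath) { throw "$HoldingPath is inside PSModulePath; choose another location." }

    if (-not (Test-Path -LiteralPath $HoldingPath)) {
        New-Item -ItemType Directory -Path $HoldingPath | Out-Null
    }

    foreach ($old in $installed | Select-Object -Skip 1) {
        $destination = Join-Path $HoldingPath $old.Version.ToString()
        if ($PSCmdlet.ShouldProcess($old.ModuleBase, "Move to $destination")) {
            Move-Item -LiteralPath $old.ModuleBase -Destination $destination
        }
    }
    $current   # the single version left on the path
}

# Preview first; rerun without -WhatIf once the list looks right.
Move-OldADFSToolkitVersion -WhatIf -Verbose
```

Moving the old version directory instead of deleting it keeps a rollback copy alongside the backup and snapshot taken in the earlier steps.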

...