Get-AdfsProperties

Gets all the associated properties for the AD FS service.

Syntax

Get-AdfsProperties []

Description

The Get-AdfsProperties cmdlet gets all the associated properties for the Active Directory Federation Services (AD FS) service.

Examples

Example 1: Get the associated properties

PS C:\> Get-AdfsProperties


AcceptableIdentifiers                      : {}
AddProxyAuthorizationRules                 : exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-32-544", Issuer =~ "^AD AUTHORITY$"]) =>
issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^AD AUTHORITY$" ]
=>
issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustManagerSid({0})",
param=c.Value );
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid", Issuer =~ "^SELF AUTHORITY$" ]
=>
issue(store="_ProxyCredentialStore",types=("http://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrustProvisioned({0})",
param=c.Value );
ArtifactDbConnection                       : Data Source=np:\\.\pipe\microsoft##wid\tsql\query;Initial Catalog=AdfsArtifactStore;Integrated Security=True
AuthenticationContextOrder                 : {urn:oasis:names:tc:SAML:2.0:ac:classes:Password, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,
urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, urn:oasis:names:tc:SAML:2.0:ac:classes:X509...}
AutoCertificateRollover                    : False
CertificateCriticalThreshold               : 2
CertificateDuration                        : 365
CertificateGenerationThreshold             : 20
CertificatePromotionThreshold              : 5
CertificateRolloverInterval                : 720
CertificateSharingContainer                : CN=e6ddcbbc-5dc9-4ef2-9354-5e9ba1cac82d,CN=ADFS,CN=Microsoft,CN=Program Data,DC=contoso,DC=com
CertificateThresholdMultiplier             : 1440
ClientCertRevocationCheck                  : None
ContactPerson                              : Microsoft.IdentityServer.Management.Resources.ContactPerson
DisplayName                                : Contoso Corp.
IntranetUseLocalClaimsProvider             : False
ExtendedProtectionTokenCheck               : Allow
FederationPassiveAddress                   : /adfs/ls/
HostName                                   : sts.contoso.com
HttpPort                                   : 80
HttpsPort                                  : 443
TlsClientPort                              : 49443
Identifier                                 : http://sts.contoso.com/adfs/services/trust
InstalledLanguage                          : en-US
LogLevel                                   : {Errors, Information, Verbose, Warnings}
MonitoringInterval                         : 1440
NetTcpPort                                 : 1501
NtlmOnlySupportedClientAtProxy             : True
OrganizationInfo                           :
PreventTokenReplays                        : False
ProxyTrustTokenLifetime                    : 21600
ReplayCacheExpirationInterval              : 60
SignedSamlRequestsRequired                 : False
SamlMessageDeliveryWindow                  : 5
SignSamlAuthnRequests                      : False
SsoLifetime                                : 480
PersistentSsoLifetimeMins                  : 10080
PersistentSsoEnabled                       : True
PersistentSsoCutoffTime                    : 1/1/0001 12:00:00 AM
KmsiEnabled                                : False
LoopDetectionEnabled                       : True
LoopDetectionTimeIntervalInSeconds         : 20
LoopDetectionMaximumTokensIssuedInInterval : 5
SendClientRequestIdAsQueryStringParameter  : True
WIASupportedUserAgents                     : {MSIE 6.0, MSIE 7.0, MSIE 8.0, MSIE 9.0...}
ExtranetLockoutThreshold                   : 2
ExtranetLockoutEnabled                     : True
ExtranetObservationWindow                  : 01:00:00

This command retrieves the associated properties from AD FS.

Inputs

None

Outputs

Microsoft.IdentityServer.Management.Resources.ServiceProperties

AcceptableIdentifiers                       uri[]
AddProxyAuthorizationRules                  string
AllowLocalAdminsServiceAdministration       bool
AllowSystemServiceAdministration            bool
ArtifactDbConnection                        string
AuditLevel                                  string[]
AuthenticationContextOrder                  uri[]
AutoCertificateRollover                     bool
BrowserSsoEnabled                           bool
BrowserSsoSupportedUserAgents               string[]
CertificateCriticalThreshold                int
CertificateDuration                         int
CertificateGenerationThreshold              int
CertificatePromotionThreshold               int
CertificateRolloverInterval                 int
CertificateSharingContainer                 string
CertificateThresholdMultiplier              int
ClientCertRevocationCheck                   Microsoft.IdentityServer.PolicyModel.Configuration.RevocationSetting
ContactPerson                               Microsoft.IdentityServer.Management.Resources.ContactPerson
CurrentFarmBehavior                         int
DelegateServiceAdministration               string
DeviceUsageWindowInDays                     int
DisplayName                                 string
EnableIdpInitiatedSignonPage                bool
EnableOauthLogout                           bool
ExtendedProtectionTokenCheck                Microsoft.IdentityServer.PolicyModel.Configuration.ProtectionPolicySetting
ExtranetLockoutEnabled                      bool
ExtranetLockoutRequirePDC                   bool
ExtranetLockoutThreshold                    int
ExtranetObservationWindow                   timespan
FederationPassiveAddress                    string
GlobalRelyingPartyClaimsIssuancePolicy      string
HostName                                    string
HttpPort                                    int
HttpsPort                                   int
Identifier                                  uri
IdTokenIssuer                               uri
IgnoreTokenBinding                          bool
InstalledLanguage                           string
IntranetUseLocalClaimsProvider              bool
KmsiEnabled                                 bool
KmsiLifetimeMins                            int
LocalAuthenticationTypesEnabled             bool
LogLevel                                    string[]
LoopDetectionEnabled                        bool
LoopDetectionMaximumTokensIssuedInInterval  int
LoopDetectionTimeIntervalInSeconds          int
MonitoringInterval                          int
NetTcpPort                                  int
NtlmOnlySupportedClientAtProxy              bool
OrganizationInfo                            Microsoft.IdentityServer.Management.Resources.Organization
PasswordValidationDelayInMinutes            int
PersistentSsoCutoffTime                     datetime
PersistentSsoEnabled                        bool
PersistentSsoLifetimeMins                   int
PreventTokenReplays                         bool
ProxyTrustTokenLifetime                     int
RelayStateForIdpInitiatedSignOnEnabled      bool
ReplayCacheExpirationInterval               int
SamlMessageDeliveryWindow                   int
SendClientRequestIdAsQueryStringParameter   bool
SignedSamlRequestsRequired                  bool
SignSamlAuthnRequests                       bool
SsoLifetime                                 int
TlsClientPort                               int
WiaEvaluationMethod                         Microsoft.IdentityServer.WiaEvaluationMethodState
WIASupportedUserAgents                      string[]

Outputs

Microsoft.IdentityServer.PolicyModel.Configuration.RevocationSetting

RevocationSetting
{
  None = 0,
  CheckEndCert = 1,
  CheckEndCertCacheOnly = 2,
  CheckChain = 3,
  CheckChainCacheOnly = 4,
  CheckChainExcludeRoot = 5,
  CheckChainExcludeRootCacheOnly = 6,
}

Outputs

Microsoft.IdentityServer.Management.Resources.ContactPerson

ContactType     string
EmailAddresses  string[]
GivenName       string
PhoneNumbers    string[]
Surname         string

Outputs

Microsoft.IdentityServer.PolicyModel.Configuration.ProtectionPolicySetting

Allow    string
Require  string
None     string

Outputs

Microsoft.IdentityServer.Management.Resources.Organization

DisplayName      string
Name             string
OrganizationUrl  string

Outputs

Microsoft.IdentityServer.WiaEvaluationMethodState

WiaEvaluationMethodState
{
  WiaCapabilityDetection,
  WiaUserAgentDetection
}