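ADFS 2.0 can be configured in the following modes: Standalone, Farm, SQLFarm.
As part of a diagnostic workflow, I need to check which one is in use. The Get-ADFSConfiguration command provides a lot of information; however, there is no explicit property for the configuration type. After further investigation, the types Standalone, Farm, and SQLFarm actually refer to XML files in the ADFS directory.
What is the best way to determine the ADFS 2.0 configuration type via PowerShell?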
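Answer 0: (score: 1)
You need to check which service logon account is being used; if it is not Network Service, you need to check whether it is in farm mode, and you can check the artifactdbconnection.
Here is what I use...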
    Function Get-ADFSConfigurationType
    {
        # Get-Command stands in for the Test-CommandExists helper, which is not defined in this post
        if (-not (Get-Command 'Get-ADFSConfiguration' -ErrorAction SilentlyContinue))
        {
            return 'Not Installed'
        }

        # Get the localized form of 'NT AUTHORITY\NETWORK SERVICE' from its well-known SID
        $objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-1-5-20") # NT AUTHORITY\NETWORK SERVICE
        $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
        $networkserviceLocalizedName = $objUser.Value

        # Logon account of the ADFS Windows service
        $adfsServiceLogonName = (Get-WmiObject -ComputerName '.' Win32_Service | where {$_.Name -eq 'adfssrv'} | Select StartName).StartName

        if ($adfsServiceLogonName -eq $networkserviceLocalizedName)
        {
            # ADFS is configured in standalone mode if it is running under NT AUTHORITY\NETWORK SERVICE
            return 'Standalone'
        }

        if ($adfsServiceLogonName -eq 'LocalSystem')
        {
            # ADFS should not be run under Local System
            # 'LocalSystem' is the same across all locales
            return 'Error ADFSSRV Logon is LocalSystem'
        }

        try
        {
            $conf = Get-ADFSConfiguration
        }
        catch
        {
            return 'Error Calling Get-ADFSConfiguration'
        }

        if ($conf.ArtifactDbConnection -like "*\\.\pipe\*")
        {
            # ADFS uses a Windows Internal Database, it's a Farm configuration
            return 'Farm'
        }
        else
        {
            # ADFS is configured for SQLFarm
            return 'SQLFarm'
        }
    }
Answer 1: (score: 0)
Update: This is a naive solution. Please follow the approved answer.
    Function Get-ADFSConfigurationType
    {
        $conf = Get-ADFSConfiguration;

        if ( $conf.CertificateSharingContainer -eq $null )
        {
            # ADFS is configured in standalone mode.
            return 'Standalone';
        }

        if ( $conf.ArtifactDbConnection -like "*\\.\pipe\*" )
        {
            # ADFS uses a Windows Internal Database, it's a Farm configuration
            return 'Farm';
        }
        else
        {
            # ADFS is configured for SQLFarm
            return 'SQLFarm';
        }
    }