PowerShellRay


Install Active Directory Federation Services (ADFS)


Install Remote Access role and then choose Web Application Proxy (WAP)


On the ADFS server, we will use the MMC to issue a certificate request, as it’s needed in


After you issue the certificate, you need to import it.


The wizard generates this script for you:

#
# Windows PowerShell script for AD FS Deployment
#
Import-Module ADFS

# Get the credential used for performing installation/configuration of ADFS
$installationCredential = Get-Credential -Message "Enter the credential for the account used to perform the configuration."

Install-AdfsFarm `
    -CertificateThumbprint:"D6ABC667B2B9BAC9ADC70D6FCEDA82137D2D3EBC" `
    -Credential:$installationCredential `
    -FederationServiceDisplayName:"Azure In Action" `
    -FederationServiceName:"sts.azureinaction.com" `
    -GroupServiceAccountIdentifier:"AZUREINACTION\gsma-sts`$"


#
# Windows PowerShell script for AD FS Deployment
#
Import-Module ADFS

Install-AdfsFarm `
    -CertificateThumbprint:"E53AE7E0230B39D0FFA20488C9087AEC504E4E39" `
    -FederationServiceDisplayName:"Azure In Action" `
    -FederationServiceName:"sts.azureinaction.com" `
    -GroupServiceAccountIdentifier:"AZUREINACTION\gsmsts`$" `
    -OverwriteConfiguration:$true
#

https://sts.azureinaction.com/adfs/ls/IdpInitiatedSignon.aspx


WAP


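# Credential of an account allowed to register the proxy with the federation service
# (a local administrator on the AD FS server)
$fsCredential = Get-Credential -Message "Enter the credential used to establish the proxy trust."

Install-WebApplicationProxy -FederationServiceTrustCredential $fsCredential -CertificateThumbprint 'E53AE7E0230B39D0FFA20488C9087AEC504E4E39' -FederationServiceName 'sts.azureinaction.com'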
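Both Install-AdfsFarm and Install-WebApplicationProxy take the certificate by thumbprint only, so a pre-flight check on each server catches a wrong or unusable certificate early. The following is an added example, not part of the original post; the function name and the 30-day threshold are assumptions.

```powershell
# Added example (not from the original post): pre-flight check for the certificate
# whose thumbprint is passed to Install-AdfsFarm / Install-WebApplicationProxy.
function Test-FederationCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [Parameter(Mandatory)] [string] $FederationServiceName,
        [int] $MinDaysValid = 30   # assumed renewal window, adjust to your policy
    )

    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction SilentlyContinue
    if (-not $cert) {
        throw "Certificate $Thumbprint is not in the LocalMachine\My store on $env:COMPUTERNAME."
    }

    # DNS names the PowerShell certificate provider exposes for this certificate.
    $names = @($cert.DnsNameList | Where-Object { $_ } | ForEach-Object { $_.Unicode })

    # Accept an exact match, or a wildcard that covers exactly one left-most label.
    $parent = ($FederationServiceName -split '\.', 2)[1]
    $nameMatch = @($names | Where-Object {
        $_ -ieq $FederationServiceName -or ($_.StartsWith('*.') -and $_.Substring(2) -ieq $parent)
    }).Count -gt 0

    # An empty EKU list means "all purposes"; otherwise Server Authentication must be present.
    $ekuOids = @($cert.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
    $serverAuth = ($ekuOids.Count -eq 0) -or ($ekuOids -contains '1.3.6.1.5.5.7.3.1')

    $chainOk = $cert.Verify()   # builds the chain with the default policy
    $days    = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

    [pscustomobject]@{
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        NameMatches   = $nameMatch
        ServerAuthEku = $serverAuth
        ChainTrusted  = $chainOk
        DaysRemaining = $days
        Ready         = $cert.HasPrivateKey -and $nameMatch -and $serverAuth -and
                        $chainOk -and ($days -ge $MinDaysValid)
    }
}

# Thumbprint and service name as used in the walkthrough above.
Test-FederationCertificate -Thumbprint 'E53AE7E0230B39D0FFA20488C9087AEC504E4E39' `
    -FederationServiceName 'sts.azureinaction.com'
```

Run it on the ADFS server and again on the WAP server; the certificate and its private key have to be present on both.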

On ADFS server install


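Import-Module MSOnline

# Prompt once and reuse the credential for both connections
$O365Cred = Get-Credential

# Remote Exchange Online session
$O365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session

# Connect the MSOnline cmdlets used for the federation steps below
Connect-MsolService -Credential $O365Cred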

PS C:\Users\ray.AZUREINACTION\Desktop> Update-MsolFederatedDomain

cmdlet Update-MsolFederatedDomain at command pipeline position 1
Supply values for the following parameters:
DomainName: azureinaction.com
Successfully updated 'azureinaction.com' domain.
PS C:\Users\ray.AZUREINACTION\Desktop>


PS C:\Users\ray.AZUREINACTION\Desktop> Get-MsolDomainVerificationDns -DomainName azureinaction.com

CanonicalName : ps.microsoftonline.com
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
Capability    : None
IsOptional    :
Label         : ms31961882.azureinaction.com
ObjectId      : fe8b277b-6665-477a-82a5-13d12093c912
Ttl           : 3600

PS C:\Users\ray.AZUREINACTION\Desktop> New-MsolFederatedDomain -DomainName azureinaction.com
Successfully added 'azureinaction.com' domain.

PS C:\Users\ray.AZUREINACTION\Desktop> Get-MsolDomain

Name                                Status    Authentication
----                                ------    --------------
azureinaction.com                   Verified  Federated
azureinaction.mail.onmicrosoft.com  Verified  Managed
azureinaction.onmicrosoft.com       Verified  Managed

This step is completely optional, but is worth pointing out at this stage, now that our internal ADFS farm setup is nearly finished. From time to time, Microsoft may update their side of the federation trust. To ensure that these changes are monitored and applied automatically on our end, enable ADFS relying party trust monitoring:

Get-ADFSRelyingPartyTrust | Set-ADFSRelyingPartyTrust -AutoUpdateEnabled $true

Update-ADFSCertificate -CertificateType "Token-Signing"
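After enabling auto-update and rolling the token-signing certificate, it is worth confirming that monitoring is actually in effect and that Office 365 still trusts the certificate ADFS signs with. This check is an added example, not part of the original post; it assumes an existing Connect-MsolService session and that the cloud-side entry is reported with Source "Microsoft Office 365".

```powershell
# Added example (not from the original post). Run on the primary AD FS server
# after Connect-MsolService; the domain is the one used in this walkthrough.
Import-Module ADFS
$domain = 'azureinaction.com'

# 1. Relying party trusts: automatic updates need a metadata URL and monitoring.
Get-AdfsRelyingPartyTrust | ForEach-Object {
    [pscustomobject]@{
        Name              = $_.Name
        HasMetadataUrl    = [bool]$_.MetadataUrl
        MonitoringEnabled = $_.MonitoringEnabled
        AutoUpdateEnabled = $_.AutoUpdateEnabled
        LastMonitoredTime = $_.LastMonitoredTime
    }
} | Format-Table -AutoSize

# 2. Token-signing certificates currently known to the farm.
$signing = @(Get-AdfsCertificate -CertificateType Token-Signing)
$signing | Select-Object Thumbprint, IsPrimary,
    @{ Name = 'NotAfter'; Expression = { $_.Certificate.NotAfter } } | Format-Table -AutoSize

# 3. Compare the primary signing certificate with what Office 365 has on record.
$primary = $signing | Where-Object { $_.IsPrimary } | Select-Object -First 1
$cloud   = Get-MsolFederationProperty -DomainName $domain |
    Where-Object { $_.Source -like '*Office 365*' }   # assumed Source label
$cloudThumbprint = $cloud.TokenSigningCertificate.Thumbprint

if (-not $cloudThumbprint) {
    Write-Warning "No token-signing certificate returned for $domain from Office 365."
}
elseif ($cloudThumbprint -ne $primary.Thumbprint) {
    Write-Warning ("Office 365 trusts {0} but AD FS signs with {1}. " +
        "Run Update-MsolFederatedDomain -DomainName {2}." -f
        $cloudThumbprint, $primary.Thumbprint, $domain)
}
else {
    Write-Output "Token-signing certificate for $domain is in sync ($cloudThumbprint)."
}
```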


DirSync

Install .NET Framework 3


Go to


Force directory synchronization using Windows PowerShell

You can use the directory synchronization Windows PowerShell cmdlet to force synchronization. The cmdlet is installed when you install the Directory Sync tool.

1. On the computer that is running the Directory Sync tool, navigate to the directory synchronization installation folder. By default, it is located here: %programfiles%\Microsoft Online Directory Sync or %programfiles%\Windows Azure Active Directory Sync (the location depends on the version you have installed).

2. Double-click DirSyncConfigShell.psc1 to open a Windows PowerShell window with the cmdlets loaded.

3. In the Windows PowerShell window, type Start-OnlineCoexistenceSync, and then press ENTER.


MFA


Enter the name of the group.

Click No.


IIS

http://technet.microsoft.com/en-us/library/dn394277.aspx
