Category Archives: Microsoft Windows Server

70-742 Additional Notes – AD FS, WAP, and Preauthentication

When you are configuring AD FS and WAP you have two preauthentication methods and various types of preauthentication available. Here is a recap of when you would use the various methods and types:

  • AD FS preauthentication method
    • Type – Web and MSOFBA
      • WebApplication
      • Rich Office Client
      • SharePoint
      • Office Server
      • Custom WebApp
    • Type – HTTP Basic
      • Rich Client without HTTP Redirection
      • Exchange ActiveSync
      • Remote Desktop Gateway
    • Type – OAuth2
      • Application using OAuth2
      • Windows Store Apps
      • Custom Application
  • Pass-Through preauthentication method 
    • No authentication
    • Forward authentication
    • Anonymous website
    • Legacy application
    • Public website

70-742 Additional Notes – Restoring the Default GPOs

70-742

You may find yourself in a situation where you need to restore the default domain policy or the default domain controllers policy to their original configurations. Thankfully – there is a tool for this – it is the aptly named dcgpofix.exe command line tool. This tools offers the following options:

  • /ignoreschema- this permits the command to run regardless of the AD scheme version in use
  • /target – permits you to specify exactly what object you want to restore
  • /? – permits the display of help on the command

70-742 Additional Notes – Federation Services Cmdlets for PowerShell

Be sure to run through these useful cmdlets for the management of Active Directory Federation Services. Remember, don’t go crazy with memorization here on cmdlets. Just remember the verb-noun syntax and review the list to see what is possible. Once again – don’t miss the READ MORE button in the blog post to see the complete list:

  • Add-​Adfs​Attribute​Store
    Adds an attribute store to the Federation Service.
  • Add-​Adfs​Certificate
    Adds a new certificate to AD FS for signing, decrypting, or securing communications.
  • Add-​Adfs​Claim​Description
    Adds a claim description to the Federation Service.
  • Add-​Adfs​Claims​Provider​Trust
    Adds a new claims provider trust to the Federation Service.
  • Add-​Adfs​Claims​Provider​Trusts​Group
    Creates a claims provider trust group based on metadata that contains multiple entities.
  • Add-​Adfs​Client
    Registers an OAuth 2.0 client with AD FS.
  • Add-​Adfs​Device​Registration​Upn​Suffix
    Adds a custom UPN suffix.
  • Add-​Adfs​Farm​Node
    Adds this computer to an existing federation server farm.
  • Add-​Adfs​Local​Claims​Provider​Trust
    Creates a local claims provider trust.
  • Add-​Adfs​Native​Client​Application
    Adds a native client application role to an application in AD FS.
  • Add-​Adfs​Non​Claims​Aware​Relying​Party​Trust
    Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service.
  • Add-​Adfs​Relying​Party​Trust
    Adds a new relying party trust to the Federation Service.
  • Add-​Adfs​Relying​Party​Trusts​Group
    Creates a relying party trusts group.
  • Add-​Adfs​Scope​Description
    Adds a scope description in AD FS.
  • Add-​Adfs​Server​Application
    Adds a server application role to an application in AD FS.
  • Add-​Adfs​Trusted​Federation​Partner
    Adds configuration settings for trusted federation partners in AD FS.
  • Add-​Adfs​Web​Api​Application
    Adds a Web API application role to an application in AD FS.
  • Add-​Adfs​Web​Application​Proxy​Relying​Party​Trust
    Adds a relying party trust for the Web Application Proxy.
  • Disable-​Adfs​Application​Group
    Disables an application group.

Continue reading 70-742 Additional Notes – Federation Services Cmdlets for PowerShell