When you are configuring AD FS and WAP you have two preauthentication methods and various types of preauthentication available. Here is a recap of when you would use the various methods and types:
- AD FS preauthentication method
  - Type – Web and MSOFBA
    - Rich Office Client
    - Office Server
    - Custom WebApp
  - Type – HTTP Basic
    - Rich Client without HTTP Redirection
    - Exchange ActiveSync
    - Remote Desktop Gateway
  - Type – OAuth2
    - Application using OAuth2
    - Windows Store Apps
    - Custom Application
- Pass-Through preauthentication method
  - No authentication
  - Forward authentication
  - Anonymous website
  - Legacy application
  - Public website
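
To check which method and type each published application actually uses, the following added example (not from the original post) reports on Web Application Proxy applications and flags the pass-through ones. The mapping from `ExternalPreauthentication` values to the types in the recap is an assumption based on the cmdlet documentation, and `Get-WapPreauthReport`, the sample names and the example.com URLs are hypothetical.

```powershell
# Assumed mapping of ExternalPreauthentication values to the recap's types.
$typeMap = @{
    'ADFS'                     = 'AD FS (Web)'
    'ADFSforBrowsersAndOffice' = 'AD FS (Web and MSOFBA)'
    'ADFSforRichClients'       = 'AD FS (HTTP Basic)'
    'ADFSforOAuth'             = 'AD FS (OAuth2)'
    'PassThrough'              = 'Pass-through'
}

# Hypothetical helper: one report row per published application.
function Get-WapPreauthReport {
    param([Parameter(ValueFromPipeline)] $Application)
    process {
        $mode = [string]$Application.ExternalPreauthentication
        [pscustomobject]@{
            Name        = $Application.Name
            ExternalUrl = $Application.ExternalUrl
            Preauth     = if ($typeMap.ContainsKey($mode)) { $typeMap[$mode] } else { "Unknown ($mode)" }
            # Pass-through apps are not authenticated at the proxy, so the
            # backend has to enforce authentication itself.
            Review      = ($mode -eq 'PassThrough')
        }
    }
}

# On a WAP server, read the real configuration; elsewhere fall back to
# constructed sample objects so the script still runs.
$apps = if (Get-Command Get-WebApplicationProxyApplication -ErrorAction SilentlyContinue) {
    Get-WebApplicationProxyApplication
} else {
    @(
        [pscustomobject]@{ Name = 'Intranet portal'; ExternalUrl = 'https://portal.example.com/'
                           ExternalPreauthentication = 'ADFS' }
        [pscustomobject]@{ Name = 'ActiveSync';      ExternalUrl = 'https://mail.example.com/'
                           ExternalPreauthentication = 'ADFSforRichClients' }
        [pscustomobject]@{ Name = 'Legacy app';      ExternalUrl = 'https://legacy.example.com/'
                           ExternalPreauthentication = 'PassThrough' }
    )
}

$apps | Get-WapPreauthReport | Sort-Object Review -Descending | Format-Table -AutoSize
```

Rows with `Review` set to `True` are the applications to confirm as intentionally pass-through, such as a public or anonymous website.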
You may find yourself in a situation where you need to restore the default domain policy or the default domain controllers policy to their original configurations. Thankfully, there is a tool for this: the aptly named dcgpofix.exe command-line tool. This tool offers the following options:
- /ignoreschema – permits the command to run regardless of the AD schema version in use
- /target – permits you to specify exactly what object you want to restore
- /? – permits the display of help on the command
Be sure to run through these useful cmdlets for the management of Active Directory Federation Services. Remember, don’t go crazy with memorization here on cmdlets. Just remember the verb-noun syntax and review the list to see what is possible. Once again – don’t miss the READ MORE button in the blog post to see the complete list:
Adds an attribute store to the Federation Service.
Adds a new certificate to AD FS for signing, decrypting, or securing communications.
Adds a claim description to the Federation Service.
Adds a new claims provider trust to the Federation Service.
Creates a claims provider trust group based on metadata that contains multiple entities.
Registers an OAuth 2.0 client with AD FS.
Adds a custom UPN suffix.
Adds this computer to an existing federation server farm.
Creates a local claims provider trust.
Adds a native client application role to an application in AD FS.
Adds a relying party trust that represents a non-claims-aware web application or service to the Federation Service.
Adds a new relying party trust to the Federation Service.
Creates a relying party trusts group.
Adds a scope description in AD FS.
Adds a server application role to an application in AD FS.
Adds configuration settings for trusted federation partners in AD FS.
Adds a Web API application role to an application in AD FS.
Adds a relying party trust for the Web Application Proxy.
Disables an application group.