The Power of POSH and Get-Help

If you ever find yourself yearning to break into PowerShell to extend your technological tendrils into areas normally reserved for C++ or C# developers, then you’ll want to leverage the power of the Get-Help PowerShell cmdlet. Example: Let’s say you want to list any and all cmdlets that contain ‘ADFS’ or that mention ‘ADFS’ anywhere in…


Installing ADFS 2.1 on Windows Server 2012 with Windows Internal Database fails if local GPO granting User Rights is overwritten at the Domain or OU-level

During the installation of ADFS 2.1 on Windows Server 2012, the Add-Role wizard grants the local virtual account NT SERVICE\MSSQL$MICROSOFT##WID, which runs the WID service, the ‘Log on as a service’ user right via the Local Group Policy. If the Local Group Policy that grants the user rights is overwritten by a GPO with a higher priority that also defines User Rights the…


Upgrading from ADFS 2.0 to ADFS 2.1

[Note: this is a shortcut variation on the steps in the TechNet article at http://technet.microsoft.com/en-us/library/jj134039.aspx and should for now only be used in lab scenarios, as it hasn’t been officially tested by the PGs.] The short version: Add the AD FS role on Windows Server 2012, choose to add it to an existing farm. Make the new…


Fiddling with ADFS – end the infinite authentication loop

While working at a customer site the other day, I was reminded of an article by Eric Lawrence on why you sometimes start seeing endless pop-up windows asking for credentials when using Fiddler to decrypt HTTPS traffic during troubleshooting. In short: if the web server has Extended Protection for Authentication enabled then it detects that…