Automated ADFS setup – with WAP roles for Exchange and Skype

It has been some time since I posted a PowerShell script to the community, so I thought, why not share one of the latest ones I have written.

 

This time it is about installing ADFS. In the past I have written some articles about ADFS, such as MFA with MS Auth. App for OWA and Configuring ADFS for O365. This time I uploaded a script to the TechNet Gallery with which we can install ADFS and the WAP quickly and easily.

Here is how to use the script:

After you have downloaded and unpacked the script bundle from TechNet, you will see 6 .ps1 files.

The first one (00_) contains only the functions. You don't need to touch or run it. It is important, though, that all six files are located in the same folder!

In the next steps I will show you, how to use it.

We start our setup with the 01_ file.

The naming convention of the files tells you which script has to be run on which server and in which sequence.

So let’s start with the 01_ one…

After we have started a PowerShell prompt as administrator on our ADFS server and launched the script, we will be asked to enter a batch of variables.

I know this is not the coolest part of this installation, but it has to be done – at least once…

Now the longest part is done and, as you can see at the end, the server will reboot…

Don't worry about the variables you entered before the reboot. All of these entries were saved in the root directory of the script we are running right now. Later, when we continue our setup on the WAP server, we simply need to copy the whole folder to the target server, and all variables will be in the right place too.

Once the server has rebooted, we go back to our script directory and continue with the 02_ file.

NOTE: Before you continue with the setup, make sure that the certificate whose thumbprint you entered in the variables is installed on the ADFS server!

This part of the script installs and configures the ADFS service on the server:

When this is done, you can see that ADFS was installed successfully:

Now we need to log in to our WAP server. To be able to install the right role and connect to the ADFS server, some prerequisites have to be met. The most important one is to make sure that the ADFS and WAP servers can communicate with each other over port 443. If this is not guaranteed, our setup will not be successful!

It is also important that the certificates whose thumbprints you entered in the variables are installed on the WAP server!

On the WAP server, we copy over the folder with the scripts that we downloaded on our ADFS server. It is important that you also copy the PersistentValues.cfg file!
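The three prerequisites above (port 443 reachability, installed certificates, copied PersistentValues.cfg) can be checked on the WAP server before running the 03_ script. The following is an added example, not part of the script bundle; the parameter names and the assumption that the certificates are in the LocalMachine\My store are mine.

```powershell
# Preflight check for the WAP server (added example, not from the script bundle).
# Assumptions: parameter names are hypothetical; certificates are expected
# in Cert:\LocalMachine\My; the file is saved next to the setup scripts.
param(
    [Parameter(Mandatory)] [string]   $AdfsFqdn,      # name under which the WAP reaches ADFS
    [Parameter(Mandatory)] [string[]] $Thumbprints,   # thumbprints entered in the variables
    [string] $ScriptFolder = $PSScriptRoot
)

$failures = @()

# 1. The WAP server must reach the ADFS server over TCP 443.
$conn = Test-NetConnection -ComputerName $AdfsFqdn -Port 443 -WarningAction SilentlyContinue
if (-not $conn.TcpTestSucceeded) {
    $failures += "Cannot reach $AdfsFqdn on TCP 443"
}

# 2. Every certificate must be installed, usable and within its validity period.
foreach ($tp in $Thumbprints) {
    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character; keep hex digits only before comparing.
    $clean = ($tp -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert  = Get-ChildItem -Path Cert:\LocalMachine\My |
                 Where-Object { $_.Thumbprint -eq $clean }
    if (-not $cert) {
        $failures += "Certificate $clean not found in LocalMachine\My"
        continue
    }
    if (-not $cert.HasPrivateKey) {
        $failures += "Certificate $clean has no private key on this server"
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $failures += "Certificate $clean is outside its validity period"
    }
}

# 3. The saved variables must have been copied along with the scripts.
$cfg = Join-Path -Path $ScriptFolder -ChildPath 'PersistentValues.cfg'
if (-not (Test-Path -Path $cfg -PathType Leaf)) {
    $failures += "PersistentValues.cfg is missing from $ScriptFolder"
}

if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'Preflight checks passed.'
```

Save it in the copied script folder and run it from an elevated prompt; a non-zero exit code means at least one prerequisite is not met.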

Now we are ready to run the next part of our scripts, the 03_ one.

This script starts with the setup of the WAP role.

During the setup we will be asked to enter the password of the service user we defined in our variables.

After the setup is done, this part of the script also generates a directory on the WAP server, where you can find the certificates.

To verify that everything was installed successfully, you can start Server Manager on the WAP server and check that the role is installed:

Now we need to go back to our ADFS server and start the next part of our scripts. The 04_ script is responsible for setting the Exchange authentication relying party trust.

When this script is finished, we have installed our ADFS server.

As the last task, we need to go back to our WAP server one more time and run the 05_ part of our scripts. This one creates and sets the WAP rules for Exchange and Skype.

Now all our tasks are done and the environment is ready to use…

 

Download the Script HERE from the Microsoft Technet.

 

 

 
