As Web Application Proxy is a standard Windows Server role service, you can use many Windows Server PowerShell tools to control Web Application Proxy:

Shows Web Application Proxy Windows services status Get-Service’appproxysvc’,’appproxyctrl’,’adfssrv’|fl-property*
Shows the configuration of Web Application Proxy Windows service Get-WmiObject-ClassWin32_Service-PropertyStartMode-Filter”Name=’appproxysvc'”
Get Best Practices Analyzer (BPA) results for the Remote Access role Invoke-BpaModel Microsoft/Windows/RemoteAccessServer ;
List all the events that Web Application Proxy had in the last 24 hours with their ID, Level and Message. $yesterday = (Get-Date) – (New-TimeSpan -Day 1) ;
Get-WinEvent-FilterHashTable @{LogName=’Microsoft-Windows-WebApplicationProxy/Admin’; StartTime=$yesterday} |group-PropertyID,LevelDisplayName,Message-NoElement|sortCount,Name-Descending|ft-AutoSize
Read Web Application Proxy registry keys Get-ItemPropertyhklm:\software\microsoft\appproxy
Read Web Application Proxy performance counters at current point Get-Counter’\Web Application Proxy\*’
Return the number of currently active requests (Get-Counter ‘\Web Application Proxy\active requests’).CounterSamples.CookedValue


cmdlet alias
Add-WebApplicationProxyApplication awpa
Get-WebApplicationProxyApplication gwpa
Set-WebApplicationProxyApplication swpa
Remove-WebApplicationProxyApplication rwpa
Get-WebApplicationProxyConfiguration gwpc
Set-WebApplicationProxyConfiguration swpc
Get-WebApplicationProxyAvailableADFSRelyingParty gwpr
Get-WebApplicationProxyHealth gwph


Show published applications that have ADFS as their preauthentication method Get-WebApplicationProxyApplication | ? {$_.ExternalPreauthentication -eq ‘ADFS’}
Export all published applications to a file Get-WebApplicationProxyApplication | Export-Clixml “ExportedApps”
Import published applications from a file Import-Clixml “ExportedApps” | Add-WebApplicationProxyApplication
Getting full help on the set command Get-Help -Full Set-WebApplicationProxyApplication
List all the details on all the certificates that are used by published apps.
Note: the cert: provider does not support filter
$WAP_Certs = (gwpa).ExternalCertificateThumbprint | sort –Unique ;
dir Cert:\LocalMachine\my |? {$WAP_Certs -contains $_.Thumbprint} | fl -Property *
Add a machine to the Web Application Proxy connected servers list swpc -ConnectedServersName ((gwpc).ConnectedServersName + ‘ServerToAdd’)
Remove a machine from the Web Application Proxy connected servers list swpc –ConnectedServersName ((gwpc).ConnectedServersName -ne ‘ServerToRemove’)


And finally, here are some tricks for managing Web Application Proxy multi-machine deployments:



Show the status of Web Application Proxy related services on all the connected servers grouped by their status.
Note: Same syntax would work with any command that supports the ComputerName parameter. E.g. set-service, get-process
Get-Service’appproxysvc’,’appproxyctrl’,’adfssrv’-ComputerName ((gwpc).ConnectedServersName) |sortStatus,MachineName,Name|ftMachineName,Name-AutoSize-GroupByStatus
Restart the Web Application Proxy service on all the connected servers and print the name of the machines Invoke-Command -ScriptBlock {Restart-Service ‘appproxysvc’; (Get-WmiObject -Class Win32_ComputerSystem).Name} -ComputerName ((gwpc).ConnectedServersName)
Show the names of all the connected servers that had event 12000 in the last 10 hours Foreach ($Server in (gwpc).ConnectedServersName){Get-WinEvent -FilterHashTable @{LogName=’Microsoft-Windows-WebApplicationProxy/Admin’; ID=12000; StartTime=(Get-Date) – (New-TimeSpan -hour 10)} -ComputerName $Server -ErrorAction SilentlyContinue | group MachineName -NoElement | ft Name -HideTableHeaders }
Show all IP addresses of all servers in the cluster.
1. This will work only if remote management is enabled on all servers using Kerberos
2. Same syntax would work with any command that supports the CimSession parameter
3. New-CimSession can accept admin credentials.
Get-NetIPAddress-CimSession (New-CimSession-ComputerName ((gwpc).ConnectedServersName)) |ftIPAddress