Get “User Rights Assignment” security policy settings

Recently I had to check whether the adfssvr account is present in the “Generate security audits” policy setting. As I work in a large-scale environment, mostly on Server Core installations, it was obvious that this needed to be done by script. User Rights Assignment Below you can find the list of user rights. In this example we will focus on SeAuditPrivilege – Generate security audits. More info about user rights – link. To …
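The check described above, as an added example that is not part of the original post: export the local policy's USER_RIGHTS area with secedit, parse the `SeAuditPrivilege` line, and resolve the `*SID` entries back to account names. The account name `CONTOSO\adfssvr` is a placeholder, and the function reports on the machine it runs on, so on Server Core farms run it through `Invoke-Command`.

```powershell
# Added example (not from the original post): test whether an account holds a user right,
# by default SeAuditPrivilege ("Generate security audits"), on the local machine.
# 'CONTOSO\adfssvr' below is a placeholder account name.
function Test-UserRightAssignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Account,
        [string] $Privilege = 'SeAuditPrivilege'
    )

    # secedit stores principals as *SID entries, so resolve the account to its SID first
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value

    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the user-rights area; secedit writes a UTF-16 .inf file
        & secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cfg)) {
            throw "secedit export failed (exit code $LASTEXITCODE)"
        }

        # Line format: SeAuditPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-21-...-1105
        $line = Get-Content -Path $cfg -Encoding Unicode |
                Where-Object { $_ -match "^\s*$Privilege\s*=" } | Select-Object -First 1
        $entries = if ($line) {
            @((($line -split '=', 2)[1] -split ',') | ForEach-Object { $_.Trim() })
        } else { @() }   # right not listed at all: nobody holds it

        # Translate *SID entries back to names for the report; keep the SID if it does not resolve
        $holders = foreach ($e in $entries) {
            if ($e.StartsWith('*')) {
                try {
                    (New-Object System.Security.Principal.SecurityIdentifier($e.Substring(1))).Translate(
                        [System.Security.Principal.NTAccount]).Value
                } catch { $e.Substring(1) }
            } elseif ($e) { $e }   # secedit can also emit plain account names
        }

        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Privilege = $Privilege
            Account   = $Account
            SID       = $sid
            Assigned  = [bool](($entries -contains "*$sid") -or ($entries -contains $Account))
            Holders   = @($holders)
        }
    }
    finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

# Usage, locally and on several servers (names are placeholders)
Test-UserRightAssignment -Account 'CONTOSO\adfssvr'
Invoke-Command -ComputerName 'adfs01', 'adfs02' -ScriptBlock ${function:Test-UserRightAssignment} `
    -ArgumentList 'CONTOSO\adfssvr' | Format-Table Computer, Assigned, Holders -AutoSize
```

The exported .inf reflects the effective policy on that machine, including settings pushed by Group Policy, which is what you want when verifying a service account; if you need the setting a specific GPO defines, read the GPO's GptTmpl.inf instead.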

Export command output into two columns CSV file

Recently I was looking for an easy way to export command output into a two-column CSV file. Finding a solution was a little difficult because some of the property values were themselves objects or were, for example, DataTable types. Below you will find how to do this based on one of the ADFS module commands. Get-AdfsRelyingPartyTrust The Get-ADFSRelyingPartyTrust cmdlet retrieves the relying party trusts in the Federation Service. You …
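The flattening problem described above, as an added example that is not the post's own script: every property becomes one Name/Value row, and the cases that otherwise print as a type name (nested objects, arrays, certificates, DataTables) are rendered as text. The sample object at the bottom is constructed to resemble a relying party trust; it is not real ADFS output, and the output path is a placeholder.

```powershell
# Added example (not from the original post): flatten one object into Name/Value rows so that
# Export-Csv produces a two-column file. Nested objects recurse as Parent.Child rows.
function ConvertTo-NameValueRows {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $InputObject,
        [string] $Separator = '; ',
        [string] $Prefix = ''
    )
    process {
        foreach ($p in $InputObject.PSObject.Properties) {
            $name = if ($Prefix) { "$Prefix.$($p.Name)" } else { $p.Name }
            $v = $p.Value

            # Nested object: recurse instead of emitting "@{...}"
            if ($v -is [System.Management.Automation.PSCustomObject]) {
                ConvertTo-NameValueRows -InputObject $v -Separator $Separator -Prefix $name
                continue
            }

            $text = if ($null -eq $v) { '' }
                elseif ($v -is [string]) { $v }
                elseif ($v -is [System.Security.Cryptography.X509Certificates.X509Certificate2]) {
                    "$($v.Subject) thumbprint=$($v.Thumbprint) expires=$($v.NotAfter.ToString('yyyy-MM-dd'))"
                }
                elseif ($v -is [System.Data.DataTable]) {
                    # DataTable is not IEnumerable itself: one entry per row, columns comma-separated
                    (@($v.Rows) | ForEach-Object { $_.ItemArray -join ',' }) -join $Separator
                }
                elseif ($v -is [System.Collections.IDictionary]) {
                    (@($v.GetEnumerator()) | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join $Separator
                }
                elseif ($v -is [System.Collections.IEnumerable]) {
                    (@($v) | ForEach-Object { "$_" }) -join $Separator
                }
                elseif ($v -is [datetime]) { $v.ToString('o') }
                else { "$v" }

            [pscustomobject]@{ Name = $name; Value = $text }
        }
    }
}

# Constructed sample standing in for one relying party trust (not real ADFS data)
$dt = New-Object System.Data.DataTable
[void]$dt.Columns.Add('ClaimType'); [void]$dt.Columns.Add('Value')
[void]$dt.Rows.Add('upn', 'user@contoso.example')

$sample = [pscustomobject]@{
    Name       = 'Contoso Portal'
    Identifier = @('https://portal.contoso.example/', 'urn:contoso:portal')
    Enabled    = $true
    Endpoints  = [pscustomobject]@{ Protocol = 'SAMLAssertionConsumer'; Uri = 'https://portal.contoso.example/saml' }
    Claims     = $dt
}

# With the real cmdlet: Get-AdfsRelyingPartyTrust -Name 'Contoso Portal' | ConvertTo-NameValueRows | Export-Csv ...
$sample | ConvertTo-NameValueRows | Export-Csv -Path .\rptrust.csv -NoTypeInformation -Encoding UTF8
```

The `[string]` test comes before the `IEnumerable` test on purpose: a string is enumerable as characters and would otherwise be joined one letter at a time.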

Use PowerShell to generate token bloat report

Today you will find out how to create a token bloat report and send it to a specified email address. If you work in a large-scale environment you may find this useful. There is often a situation where a user complains that he is unable to access some corporate applications. After a short investigation you may find that one of the reasons is a large number of group memberships. …
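A way to build that report, as an added example rather than the post's own script: read each user's `tokenGroups` (the constructed attribute that already includes nested membership), classify the groups by scope and domain, estimate the token size with the formula from Microsoft KB 327825 (`1200 + 40d + 8s`), and mail the users over a threshold. The search base, SMTP server, addresses and threshold are placeholders; the formula's constants are the KB's, and the default threshold of 12000 bytes is the pre-2012 `MaxTokenSize` default.

```powershell
# Added example (not from the original post). Estimate Kerberos token size per user from tokenGroups.
# KB 327825: TokenSize = 1200 + 40d + 8s
#   d = domain-local groups + universal groups from other domains + SID-history entries
#   s = global groups + universal groups in the user's own domain
Import-Module ActiveDirectory

function Get-TokenSizeEstimate {
    param([Parameter(Mandatory)] [string] $SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties sIDHistory
    $userDomainSid = $user.SID.AccountDomainSid

    # tokenGroups is constructed: fetch it through ADSI with RefreshCache
    $entry = [ADSI]"LDAP://$($user.DistinguishedName)"
    $entry.RefreshCache(@('tokenGroups'))
    $groupSids = foreach ($bytes in $entry.Properties['tokenGroups']) {
        New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)
    }

    $d = 0; $s = 0
    foreach ($sid in $groupSids) {
        # Well-known SIDs such as Everyone do not resolve; count them as domain-local (40 bytes)
        $g = Get-ADGroup -Identity $sid.Value -ErrorAction SilentlyContinue
        $scope = if ($g) { [string]$g.GroupScope } else { 'DomainLocal' }
        $sameDomain = ($null -ne $sid.AccountDomainSid) -and ($sid.AccountDomainSid.Value -eq $userDomainSid.Value)
        switch ($scope) {
            'DomainLocal' { $d++ }
            'Global'      { $s++ }
            'Universal'   { if ($sameDomain) { $s++ } else { $d++ } }
        }
    }
    $d += @($user.sIDHistory).Count

    [pscustomobject]@{
        User                = $user.SamAccountName
        Groups              = @($groupSids).Count
        DomainLocalOrForeign = $d
        GlobalOrLocalUniversal = $s
        EstimatedTokenBytes = 1200 + 40 * $d + 8 * $s
    }
}

function Send-TokenBloatReport {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,     # placeholder, e.g. 'OU=Users,DC=contoso,DC=example'
        [int] $ThresholdBytes = 12000,
        [Parameter(Mandatory)] [string] $To,
        [Parameter(Mandatory)] [string] $From,
        [Parameter(Mandatory)] [string] $SmtpServer
    )
    $rows = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase |
            ForEach-Object { Get-TokenSizeEstimate -SamAccountName $_.SamAccountName } |
            Where-Object { $_.EstimatedTokenBytes -gt $ThresholdBytes } |
            Sort-Object EstimatedTokenBytes -Descending
    if (-not $rows) { return }

    $csv = Join-Path $env:TEMP 'token-bloat.csv'
    $rows | Export-Csv -Path $csv -NoTypeInformation
    Send-MailMessage -To $To -From $From -SmtpServer $SmtpServer `
        -Subject "Token bloat: $(@($rows).Count) users over $ThresholdBytes bytes" `
        -Body ($rows | Format-Table -AutoSize | Out-String) -Attachments $csv
}

# Usage (all values are placeholders)
Send-TokenBloatReport -SearchBase 'OU=Users,DC=contoso,DC=example' -To 'iam@contoso.example' `
    -From 'adfs-report@contoso.example' -SmtpServer 'smtp.contoso.example'
```

Resolving every group SID with `Get-ADGroup` is the slow part; for a large OU, cache scope lookups in a hashtable keyed by SID across users.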

Get ADFS relying parties signing certificates

Today I want to show you how to check relying party signing certificates. If you work in a large-scale ADFS environment with a huge number of relying parties, it can be difficult to check many things manually. This is why you are forced to use the ADFS cmdlets documented on Microsoft's pages – link. In this article you will find out how to check signing certificates using a PowerShell function. …

How to check Web Application Pool status and restart IIS remotely on multiple servers?

When working in a large-scale ADFS environment there are often situations where you have to quickly restart IIS on multiple machines. Of course you won't spend the whole day doing this manually. In this article I would like to share one of my scripts, which helps determine the status of the web application pools and then restart IIS if needed. At the beginning of this script I added some …
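The remote check-then-restart flow, as an added example that is not the post's script: query application pool state on every server over PowerShell remoting, and run `iisreset` only on servers where a pool is not in the Started state. Server names are placeholders; the `WebAdministration` module and remoting must be available on the targets. Note that this applies to ADFS 2.x, which hosts its web services in IIS; ADFS on Windows Server 2012 R2 and later does not use IIS.

```powershell
# Added example (not from the original post): collect app pool state remotely, restart IIS where needed.
function Get-RemoteAppPoolState {
    param([Parameter(Mandatory)] [string[]] $ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        Import-Module WebAdministration
        Get-ChildItem IIS:\AppPools | ForEach-Object {
            [pscustomobject]@{
                Server  = $env:COMPUTERNAME
                AppPool = $_.Name
                State   = (Get-WebAppPoolState -Name $_.Name).Value   # Started, Stopped, Starting, ...
            }
        }
    } | Select-Object Server, AppPool, State   # drop the PSComputerName/RunspaceId remoting noise
}

function Restart-IisWhereNeeded {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [string[]] $AppPool,          # optional: only care about these pools
        [switch] $WhatIf
    )
    $states = Get-RemoteAppPoolState -ComputerName $ComputerName
    if ($AppPool) { $states = $states | Where-Object { $AppPool -contains $_.AppPool } }

    $unhealthy = $states | Where-Object { $_.State -ne 'Started' } |
                 Select-Object -ExpandProperty Server -Unique
    foreach ($server in $unhealthy) {
        if ($WhatIf) { Write-Host "Would restart IIS on $server"; continue }
        Write-Warning "Restarting IIS on $server"
        Invoke-Command -ComputerName $server -ScriptBlock { iisreset /restart | Out-String }
    }

    # Return the post-restart picture so the caller can verify
    if ($unhealthy -and -not $WhatIf) { Get-RemoteAppPoolState -ComputerName $unhealthy } else { $states }
}

# Usage (server names are placeholders); run with -WhatIf first
Restart-IisWhereNeeded -ComputerName 'adfs01', 'adfs02', 'adfs03' -WhatIf |
    Format-Table Server, AppPool, State -AutoSize
```

Restarting IIS on all farm members at once takes the service down; iterate the servers in sequence and check the returned state before moving to the next one.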

Pull server name from ADFS eventlog and check LDAP connection

When it comes to ADFS, network connectivity to the global catalog servers is one of the most important aspects. You may often see in the ADFS logs that an LDAP server returned a specific error when it was queried, or that it is unresponsive. As an engineer you need to determine whether it is a temporary network connectivity problem or whether something is wrong with one of your domain controllers. I also had this problem, so …
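One way to do this, as an added example that is not the post's script: pull recent error and warning events from the AD FS admin log, extract the host names mentioned in messages that talk about LDAP, and test each one with a TCP probe and an actual RootDSE bind on the LDAP and global catalog ports. The log name `AD FS/Admin`, the host-name regex and the lookback window are assumptions to adjust for your version and naming; the post does not give them.

```powershell
# Added example (not from the original post): find DCs named in AD FS LDAP-related events and test them.
function Test-AdfsLdapTargets {
    param(
        [int] $Hours = 24,
        [int[]] $Port = @(389, 3268),              # LDAP and global catalog
        [string] $LogName = 'AD FS/Admin'          # 'AD FS 2.0/Admin' on ADFS 2.x
    )
    $since = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 2, 3; StartTime = $since } `
                  -ErrorAction SilentlyContinue | Where-Object { $_.Message -match 'LDAP' }

    # Pull FQDN-looking tokens out of the message text (pattern is an assumption)
    $servers = $events | ForEach-Object {
        [regex]::Matches($_.Message, '\b[\w-]+(?:\.[\w-]+){2,}\b') | ForEach-Object { $_.Value }
    } | Sort-Object -Unique

    foreach ($srv in $servers) {
        $hits = @($events | Where-Object { $_.Message -match [regex]::Escape($srv) }).Count
        foreach ($p in $Port) {
            $tcp = Test-NetConnection -ComputerName $srv -Port $p -WarningAction SilentlyContinue

            # A TCP connect can succeed while the DC refuses to answer LDAP, so also bind to RootDSE
            $bind = $false; $err = $null
            if ($tcp.TcpTestSucceeded) {
                try {
                    $de = New-Object System.DirectoryServices.DirectoryEntry("LDAP://${srv}:$p/RootDSE")
                    $de.RefreshCache()          # throws if the bind fails
                    $bind = $true
                } catch { $err = $_.Exception.Message }
            }

            [pscustomobject]@{
                Server     = $srv
                Port       = $p
                TcpOk      = $tcp.TcpTestSucceeded
                LdapBindOk = $bind
                Error      = $err
                Events     = $hits
                LastEvent  = ($events | Where-Object { $_.Message -match [regex]::Escape($srv) } |
                              Sort-Object TimeCreated -Descending | Select-Object -First 1).TimeCreated
            }
        }
    }
}

Test-AdfsLdapTargets -Hours 48 | Format-Table -AutoSize
```

A server that passes both tests now but has a cluster of events at one time points to a transient network issue; one that fails the bind while TCP succeeds is worth escalating to the domain controller owners.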

Get list of disabled ADFS relying parties

If you work with ADFS and your environment contains lots of web applications, this article might be useful for you. You may be asked at work to get the list of disabled relying parties from the ADFS database, especially in bigger companies. First of all we have to ensure that the federation services cmdlets are installed. To get the list of available modules you can run the following command: Get-Module -ListAvailable Another …
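A single pass over the relying party trusts covers both this post and the one above on signing certificates; the following is an added example, not either post's own function. It lists disabled trusts and reports every request-signing certificate with its days to expiry, flagging expired and soon-to-expire ones. The module name and the warning window are assumptions.

```powershell
# Added example (not from the original posts): report disabled relying parties and the state of
# their request-signing certificates in one sweep over Get-AdfsRelyingPartyTrust.
# Windows Server 2012 R2+: Import-Module ADFS. ADFS 2.x instead: Add-PSSnapin Microsoft.Adfs.PowerShell
Import-Module ADFS

function Get-DisabledRelyingParty {
    Get-AdfsRelyingPartyTrust |
        Where-Object { -not $_.Enabled } |
        Select-Object Name, Identifier, Enabled
}

function Get-RelyingPartySigningReport {
    param([int] $WarnDays = 30)
    foreach ($rp in Get-AdfsRelyingPartyTrust) {
        $certs = @($rp.RequestSigningCertificate)   # X509Certificate2 collection, may be empty
        if ($certs.Count -eq 0) {
            [pscustomobject]@{
                Name = $rp.Name; Enabled = $rp.Enabled; Thumbprint = $null
                NotAfter = $null; DaysLeft = $null; Status = 'NoSigningCert'
            }
            continue
        }
        foreach ($c in $certs) {
            $days = [int][math]::Floor(($c.NotAfter - (Get-Date)).TotalDays)
            [pscustomobject]@{
                Name       = $rp.Name
                Enabled    = $rp.Enabled
                Thumbprint = $c.Thumbprint
                NotAfter   = $c.NotAfter
                DaysLeft   = $days
                Status     = if ($days -lt 0) { 'Expired' }
                             elseif ($days -le $WarnDays) { 'ExpiringSoon' }
                             else { 'OK' }
            }
        }
    }
}

# Usage: disabled trusts first, then only the certificates that need attention
Get-DisabledRelyingParty | Format-Table -AutoSize
Get-RelyingPartySigningReport -WarnDays 45 |
    Where-Object { $_.Status -ne 'OK' } |
    Sort-Object DaysLeft |
    Export-Csv -Path .\rp-signing-report.csv -NoTypeInformation
```

Signing certificates on a trust are only used to validate signed requests from that relying party, so an expired one on a disabled trust is noise; filter on `Enabled` before raising tickets.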