Get ADFS product version using PowerShell


In this short article you'll find out how to check the ADFS product version on multiple remote servers. Recently I had to scan my environment for auditing purposes. One of the tasks was to compare the ADFS service product version.

ADFS product version

To check it on a single machine we can use the Get-Item cmdlet:

(Get-Item C:\Windows\ADFS\Microsoft.IdentityServer.ServiceHost.exe).VersionInfo.ProductVersion 

It gets a little more complicated if you have plenty of servers and they run the Server Core edition. Below is a simple script that prompts you to select a server list. First it checks whether the net share is accessible using the Test-Path command, and at the end the results are saved to a CSV file.

#=======================================================================
#Browsing servers list file from desktop location
Add-Type -AssemblyName System.Windows.Forms
$FileBrowser = New-Object System.Windows.Forms.OpenFileDialog
$FileBrowser.filter = "Txt (*.txt)| *.txt"
$FileBrowser.InitialDirectory = "c:\users\$env:username\desktop\"
[void]$FileBrowser.ShowDialog()
 
#Getting servers from txt file
Try{
    $FilePath = $FileBrowser.FileName
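    #-ErrorAction Stop turns a read failure into a terminating error so the Catch block runs
    $Servers = Get-Content -Path $FilePath -ErrorAction Stop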
}
Catch{
    $_.Exception.Message
    Pause
    Break
}
 
#Proceed only if the file exists and is not empty
If( !$Servers ){
    Write-Warning "Something went wrong"
    Pause
    Break
}

#=======================================================================
#Setup array
$Report = @()

#=======================================================================
#Looping servers
ForEach ($Server in $Servers) {
    $Server = $Server.Trim()
    #Skip blank lines in the list
    If(!$Server){ Continue }
    Write-Host "Processing $Server" -ForegroundColor Green # -NoNewline
    
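    $DNSCheck = $null
    #An unknown host name throws, so catch it and fall through to the warning below
    Try{ $DNSCheck = [System.Net.Dns]::GetHostByName($Server) } Catch{ $DNSCheck = $null }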
 
    If(!$DNSCheck){
        Write-Warning "$Server does not exist"
    }
    Else{
        $Status = $Object = $TestPath  = $Product = $null
        #Check if server is accessible
        $TestPath = Test-Path "\\$Server\d$"
        If(!$TestPath){
            $Object = New-Object PSObject -Property ([ordered]@{ 
 
                ServerName              = $Server
                Online                  = "False"
                ProductVersion          = " - "

            })
            $Report += $Object 
        }
        Else{
            $Product = Invoke-Command $Server -ScriptBlock{ (Get-Item "C:\Windows\ADFS\Microsoft.IdentityServer.ServiceHost.exe").VersionInfo.ProductVersion }
            If(!$Product){ $Product = "Query timeout"}
            
            $Object = New-Object PSObject -Property ([ordered]@{ 
 
                ServerName              = $Server
                Online                  = "True"
                ProductVersion          = $Product

            })
            $Report += $Object 
        }
    }
}

If($Report){
    Write-host "`nResults saved on desktop - productversion.csv" -ForegroundColor Yellow
    $Report = $Report  | Sort-object "ProductVersion"
    $Report | Export-Csv -Path C:\users\$env:username\desktop\productversion.csv -NoTypeInformation -Force
    $Report | Format-Table -Wrap -AutoSize
}

Read-Host "Press Enter to exit"
exit
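
The script above sorts ProductVersion as text, so a value such as 10.0.14393.953 lands after 10.0.14393.4350. The following added example (not part of the original post) parses the CSV values as [version] and flags servers that are behind the highest version found; the function name Get-AdfsVersionDrift and the sample rows are constructed for illustration, and it assumes ProductVersion is a dotted numeric string.

```powershell
# Constructed sample rows in the same shape as productversion.csv (not real audit data).
$Rows = @'
"ServerName","Online","ProductVersion"
"adfs01","True","10.0.14393.4350"
"adfs02","True","10.0.14393.953"
"adfs03","True","10.0.14393.4350"
"adfs04","True","Query timeout"
"adfs05","False"," - "
'@ | ConvertFrom-Csv
# To check a real run instead:
# $Rows = Import-Csv "C:\users\$env:username\desktop\productversion.csv"

function Get-AdfsVersionDrift {
    param([Parameter(Mandatory)] [object[]] $Rows)

    # Parse each value as [version]; " - " and "Query timeout" fail to parse and stay $null.
    $Parsed = foreach ($Row in $Rows) {
        $v = $null
        [void][version]::TryParse(([string]$Row.ProductVersion).Trim(), [ref]$v)
        [pscustomobject]@{ ServerName = $Row.ServerName; Raw = $Row.ProductVersion; Version = $v }
    }

    # Baseline = highest version seen, compared numerically rather than as text.
    $Baseline = $Parsed | Where-Object Version | Sort-Object Version -Descending |
        Select-Object -First 1 -ExpandProperty Version

    foreach ($P in $Parsed) {
        $State = if (-not $P.Version) { 'Unknown' } elseif ($P.Version -lt $Baseline) { 'Behind' } else { 'Current' }
        [pscustomobject]@{
            ServerName     = $P.ServerName
            ProductVersion = $P.Raw
            Baseline       = $Baseline
            State          = $State
        }
    }
}

# Servers marked Behind or Unknown are the ones to follow up on in the audit.
Get-AdfsVersionDrift -Rows $Rows | Sort-Object State, ServerName | Format-Table -AutoSize
```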
