Get list of disabled ADFS relying parties

If you work with ADFS and your environment contains a lot of web applications, this article might be useful for you. Especially in bigger companies, you may be asked to get the list of disabled relying parties from the ADFS database. First of all, we have to ensure that the federation services cmdlets are installed. To get the list of available modules, run the following command:

    Get-Module -ListAvailable

The other prerequisite is an admin account credential, stored in $Cred, which is used to query the ADFS web server remotely. Below you can find the full script with a description of each step.

As a result, you can display all URLs in the console, show them in a new window, or export the output to a CSV file.


Final script:

    # Prompt for an admin account credential
    $Cred = Get-Credential "domain\$env:username"

    # Set up the array that will hold the results
    $ComplexArray = @()

    # Query the ADFS server remotely for relying party trusts that are disabled
    $Urls = Invoke-Command -ComputerName "ADFS01" -Credential $Cred -ScriptBlock {
        Get-ADFSRelyingPartyTrust | Where-Object { -not $_.Enabled }
    }

    if ($Urls) {
        # Loop through the URLs
        $Urls | ForEach-Object {
            # Assign the current item to a variable
            $Url = $_
            # Create a custom object with the properties we want to report
            $Object = New-Object PSObject -Property ([ordered]@{
                Name       = $Url.Name
                Enabled    = $Url.Enabled
                Identifier = $Url.Identifier[0]
            })
            # Add custom object to our array
            $ComplexArray += $Object
        }
    }
    else {
        # Nothing came back from the query
        Write-Warning "No results"
    }

    # To view output in console
    $ComplexArray | Format-Table -AutoSize -Wrap

    # To view output in new window
    $ComplexArray | Out-GridView -Title "Disabled RP's"

    # To export to CSV
    $ComplexArray | Export-Csv -Path C:\temp\results.csv -Force -NoTypeInformation
