I don’t know about your habits, but one of mine is filling my PowerShell profile with all kinds of good stuff. Here are a few of my favorites for ADFS.
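function Copy-ADFSClaimRules
{
    <#
    .SYNOPSIS
    Copies the issuance transform, issuance authorization and delegation
    authorization rule sets from one relying party trust onto another.

    .PARAMETER SourceRelyingPartyTrustName
    Name of the relying party trust whose three rule sets are read.

    .PARAMETER DestinationRelyingPartyTrustName
    Name of the relying party trust whose three rule sets are overwritten.

    .NOTES
    The destination's rule sets are replaced, not merged, so whatever
    authorization logic it had before is gone after this call. When either
    trust cannot be found a non-terminating error is written and nothing is
    changed.
    #>
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true,
                   ValueFromPipeline=$false,
                   Position=0)]
        [string] $SourceRelyingPartyTrustName,

        [Parameter(Mandatory=$true,
                   ValueFromPipeline=$false,
                   Position=1)]
        [string] $DestinationRelyingPartyTrustName
    )
    Begin
    {
    }
    Process
    {
        $SourceRPT = Get-AdfsRelyingPartyTrust -Name $SourceRelyingPartyTrustName
        $DestinationRPT = Get-AdfsRelyingPartyTrust -Name $DestinationRelyingPartyTrustName

        # Write-Error is non-terminating, so each branch must also return;
        # without the return, Set-AdfsRelyingPartyTrust would be invoked with
        # a $null target or $null rule sets.
        if (-not $SourceRPT) {
            Write-Error "Could not find $SourceRelyingPartyTrustName"
            return
        }
        if (-not $DestinationRPT) {
            Write-Error "Could not find $DestinationRelyingPartyTrustName"
            return
        }

        Set-AdfsRelyingPartyTrust -TargetRelyingParty $DestinationRPT `
            -IssuanceTransformRules $SourceRPT.IssuanceTransformRules `
            -IssuanceAuthorizationRules $SourceRPT.IssuanceAuthorizationRules `
            -DelegationAuthorizationRules $SourceRPT.DelegationAuthorizationRules
    }
    End
    {
    }
}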
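function Get-AdfsTokenSigningThumbprint
{
    <#
    .SYNOPSIS
    Returns the thumbprint of the certificate carried in the XML signature of
    an ADFS server's published federation metadata.

    .DESCRIPTION
    Downloads https://<ADFS>/FederationMetadata/2007-06/FederationMetadata.xml,
    reads the Base64 certificate from Signature/KeyInfo/X509Data/X509Certificate
    and decodes it in memory. ADFS signs its metadata with the token-signing
    certificate, so this is normally the thumbprint a relying party should pin.

    .PARAMETER ADFS
    Host name of the federation service; only used to build the metadata URL.

    .OUTPUTS
    System.String - the certificate's hexadecimal thumbprint.

    .NOTES
    The metadata's own XML signature is not verified here, so the result is
    only as trustworthy as the TLS connection to the server. The certificate
    is no longer round-tripped through a fixed file name under $env:temp;
    decoding the bytes directly avoids a predictable temp path and a file that
    was never cleaned up.
    #>
    [CmdletBinding()]
    [OutputType([string])]
    Param
    (
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$false,
                   Position=0)]
        [string] $ADFS
    )
    Begin
    {
    }
    Process
    {
        $uri = "https://{0}/FederationMetadata/2007-06/FederationMetadata.xml" -f $ADFS
        # Invoke-RestMethod parses the XML body into an XmlDocument.
        $metadata = Invoke-RestMethod -Uri $uri

        $base64 = $metadata.EntityDescriptor.Signature.KeyInfo.X509Data.X509Certificate
        if (-not $base64) {
            Write-Error "No signing certificate found in the federation metadata from $ADFS"
            return
        }

        # The metadata holds the DER certificate Base64-encoded; build the
        # X509Certificate2 straight from the bytes instead of writing a file.
        $bytes = [Convert]::FromBase64String($base64)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
        return $cert.Thumbprint
    }
    End
    {
    }
}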
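function Copy-AdfsRelyingPartyTrust
{
    <#
    .SYNOPSIS
    Creates a new relying party trust as a copy of an existing one, under a
    new name and identifier.

    .DESCRIPTION
    Every non-null property of the source trust that is not on the exclusion
    list is splatted onto Add-AdfsRelyingPartyTrust, then Name and Identifier
    are overridden with the new values. The copy therefore inherits the
    source's claim rule sets and certificates; review its issuance
    authorization rules before relying on it.

    .PARAMETER SourceRelyingPartyTrustName
    Name of the existing relying party trust to copy.

    .PARAMETER NewRelyingPartyTrustName
    Name for the new relying party trust.

    .PARAMETER NewRelyingPartyTrustIdentifier
    Identifier for the new relying party trust.

    .NOTES
    Produces no pipeline output; the previous [OutputType([int])] declaration
    did not match what Add-AdfsRelyingPartyTrust returns here. When the source
    trust cannot be found a non-terminating error is written and nothing is
    created.
    #>
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true,
                   ValueFromPipeline=$false,
                   Position=0)]
        [string] $SourceRelyingPartyTrustName,

        [Parameter(Mandatory=$true,
                   ValueFromPipeline=$false,
                   Position=1)]
        [string] $NewRelyingPartyTrustName,

        [Parameter(Mandatory=$true,
                   ValueFromPipeline=$false,
                   Position=2)]
        $NewRelyingPartyTrustIdentifier
    )
    Begin
    {
    }
    Process
    {
        $SourceRelyingPartyTrust = Get-AdfsRelyingPartyTrust -Name $SourceRelyingPartyTrustName
        # Without this guard the Get-Member pipeline below would fail on $null
        # with a far less helpful message.
        if (-not $SourceRelyingPartyTrust) {
            Write-Error "Could not find $SourceRelyingPartyTrustName"
            return
        }

        # Server-managed properties that are not passed to the new trust;
        # presumably Add-AdfsRelyingPartyTrust has no matching parameter for
        # them — TODO confirm if the cmdlet's parameter set changes.
        $exceptedAttributes = @(
            "ConflictWithPublishedPolicy",
            "OrganizationInfo",
            "ProxyEndpointMappings",
            "LastUpdateTime",
            "PublishedThroughProxy",
            "LastMonitoredTime"
        )

        $parameters = @{}
        $SourceRelyingPartyTrust |
            Get-Member -MemberType Property |
            Where-Object { $_.Name -notin $exceptedAttributes } |
            ForEach-Object {
                $value = $SourceRelyingPartyTrust.($_.Name)
                # $null goes on the left: with an array-valued property,
                # "$value -ne $null" would filter elements instead of testing.
                if ($null -ne $value) {
                    $parameters[$_.Name] = $value
                }
            }

        $parameters.Name = $NewRelyingPartyTrustName
        $parameters.Identifier = $NewRelyingPartyTrustIdentifier
        Add-AdfsRelyingPartyTrust @parameters
    }
    End
    {
    }
}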