ADFSFarm: Install ADFS Farm without Domain Admins privileges

anorstrom commented 3 years ago

Details of the scenario you tried and the problem that is occurring

We would like to install our ADSF Farm without Domain Admins privileges, following the procedure Microsoft provides in https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/install-ad-fs-delegated-admin.

We would first manually pre-create an ADFS Farm in Active Directory following these instructions https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/install-ad-fs-delegated-admin#prepare-ad-1

We would then like to use AdfsDsc, and teh ADFSFarm resource, to create the ADFS Farm like it is being done in https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/install-ad-fs-delegated-admin#create-the-ad-fs-farm-1. This method requires the parameter -AdminConfiguration, which is currently not supported in AdfsDsc.

Verbose logs showing the problem

The DSC configuration that is used to reproduce the issue (as detailed as possible)

The operating system the target node is running

Version and build of PowerShell the target node is running

Version of the DSC module that was used

X-Guardian commented 3 years ago

Hi @anorstrom, I have raised PR #43 to add the AdminConfiguration property to the AdfsFarm resource. Can you test this for me before I merge? Please see AdfsFarm_gMSA_SQL_Integrated_Delegated_Admin_Config for an example showing the AdminConfiguration property in use.

anorstrom commented 3 years ago

Thank you @X-Guardian !

I've tested in our Dev and it works good. We use ADFS with WID though, so I didn't test the SQL configuration, but that should not change anything for this switch I think.

X-Guardian commented 3 years ago

@anorstrom, I've release AdfsDsc v1.1.0 to the PowerShell Gallery which includes this change.

X-Guardian / AdfsDsc