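# ADFS post-install hardening / feature enablement for an Office 365 federated farm.
# Run in an elevated PowerShell session on the primary ADFS server. Every command
# below changes farm-wide configuration; review each section before running.

# --- Keep Me Signed In (KMSI) -------------------------------------------------
# Enables the "keep me signed in" checkbox on the sign-in page. Persistent SSO
# cookies widen the replay window on shared/unmanaged devices; only enable this
# if your sign-in policy accepts that trade-off.
Set-AdfsProperties -KmsiEnabled:$true

# --- Self-service password change endpoint -------------------------------------
# Enables /adfs/portal/updatepassword/ and publishes it through the Web
# Application Proxy (-Proxy:$true). NOTE: this exposes a credential-accepting
# form to the internet; pair it with the extranet lockout settings below and
# monitor it for password-spray activity. Endpoint changes take effect only
# after the service restarts; on a multi-node farm, restart AdfsSrv on every
# node, not just this one.
Enable-AdfsEndpoint "/adfs/portal/updatepassword/"
Set-AdfsEndpoint "/adfs/portal/updatepassword/" -Proxy:$true
Restart-Service AdfsSrv -Force

# --- Office 365 password-expiration notifications ------------------------------
# Appends a claim rule to the Office 365 relying-party trust so ADFS emits the
# password-expiration claims that Office 365 uses to warn users. The rule reads
# the built-in _PasswordExpiryStore attribute store. Existing issuance rules
# are kept; the new rule is appended after them.
$msolId   = "urn:federation:MicrosoftOnline"
$rptName  = "Microsoft Office 365 Identity Platform"
$rptRules = (Get-AdfsRelyingPartyTrust -Identifier $msolId).IssuanceTransformRules
$newRule  = '@RuleTemplate = "LdapClaims" @RuleName = "Password Expiry Claims" c1:[Type == "http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime"] => issue(store = "_PasswordExpiryStore", types = ("http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime","http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays","http://schemas.microsoft.com/ws/2012/01/passwordchangeurl"), query = "{0};", param = c1.Value);'
# Separate the existing rule set from the appended rule with a line break so the
# two rule texts never run together (whitespace is insignificant to the claim
# rule language, so this does not change how the rules are evaluated).
$rptRules = $rptRules + "`r`n" + $newRule
Set-AdfsRelyingPartyTrust -TargetName $rptName -IssuanceTransformRules $rptRules

# --- Extranet lockout ----------------------------------------------------------
# Locks out extranet (WAP-proxied) sign-ins for 10 minutes after 15 failed
# attempts within the observation window, and allows the bad-password count to
# be read from any DC rather than only the PDC emulator.
# Security notes:
#   * Keep ExtranetLockoutThreshold BELOW the AD account lockout threshold, so
#     an internet-facing attacker can lock the ADFS extranet path but cannot
#     lock the user's AD account itself (denial of service against your users).
#   * -ExtranetLockoutRequirePDC $false trades accuracy for availability:
#     badPwdCount is not replicated, so a non-PDC DC may under-count failures.
#   * On ADFS 2019+, consider the smart-lockout mode (ExtranetLockoutMode)
#     instead of the classic threshold — TODO confirm the farm's ADFS version.
Set-AdfsProperties -EnableExtranetLockout:$true `
                   -ExtranetLockoutThreshold 15 `
                   -ExtranetObservationWindow (New-TimeSpan -Minutes 10) `
                   -ExtranetLockoutRequirePDC $false

# --- Token-signing / token-decrypting certificate lifetime ----------------------
# Run on the new server. Sets the lifetime of auto-generated certificates to
# 1827 days (~5 years) and forces an immediate rollover.
# Security notes:
#   * A 5-year signing key means a 5-year exposure window if the key is ever
#     exfiltrated (forged SAML tokens remain valid until the cert is replaced).
#     The default is 1 year; lengthen it only if the operational cost of yearly
#     rollover is genuinely the bigger risk.
#   * -Urgent promotes the new certificate to primary immediately instead of
#     staging it as secondary first. Relying parties that have not yet picked up
#     the new federation metadata (Office 365 in particular) will reject tokens
#     until they are updated, e.g. via Update-MsolFederatedDomain — confirm the
#     exact update procedure for your tenant before running with -Urgent.
#   * -Urgent only applies when AutoCertificateRollover is enabled.
Set-AdfsProperties -CertificateDuration 1827
Update-AdfsCertificate -CertificateType Token-Decrypting -Urgent
Update-AdfsCertificate -CertificateType Token-Signing -Urgent

# --- ADFS authentication logging -----------------------------------------------
# Enables full event logging including success/failure audits, which are the
# primary telemetry for detecting password spray and token abuse.
# Fixed: the original used a typographic en dash (U+2013) in "–LogLevel"; it is
# replaced with an ASCII hyphen so the parameter is parsed the same way in every
# PowerShell host/editor.
# NOTE: FailureAudits/SuccessAudits only appear in the Security log if the
# "Application Generated" audit subcategory is enabled on each ADFS node
# (auditpol) and the ADFS service account holds the "Generate security audits"
# right — verify both, otherwise this setting silently produces no audit events.
Set-AdfsProperties -LogLevel Information,Errors,Verbose,Warnings,FailureAudits,SuccessAudits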