12. Active Directory Federation 서비스

DC

Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)
New-ADServiceAccount -Name adfssvc -DNSHostName adfs.corp.com

SRV1

Install-WindowsFeature adfs-federation -IncludeManagementTools
gpupdate /force
$Cert = Import-PfxCertificate \\\\192.168.0.1\\C$\\Users\\Administrator\\wildcard.pfx -CertStoreLocation Cert:\\LocalMachine\\My\\ -Password (ConvertTo-SecureString "Skill39**" -AsPlainText -Force)
ls Cert:\\LocalMachine\\My\\
install-adfsfarm -CertificateThumbprint $Cert.Thumbprint -FederationServiceName adfs.corp.com -FederationServiceDisplayName "CORP Federation" -GroupServiceAccountIdentifier CORP\\adfssvc$ -OverwriteConfiguration
Add-AdfsRelyingPartyTrust -Name CORP -Metadataurl <https://adfs.corp.com/federationmetadata/2007-06/federationmetadata.xml>

SRV2

Install-WindowsFeature adfs-federation -IncludeManagementTools
gpupdate /force
$Cert = Import-PfxCertificate \\\\192.168.0.1\\C$\\Users\\Administrator\\wildcard.pfx -CertStoreLocation Cert:\\LocalMachine\\My\\ -Password (ConvertTo-SecureString "Skill39**" -AsPlainText -Force)
ls Cert:\\LocalMachine\\My\\
Add-AdfsFarmNode -CertificateThumbprint $Cert.Thumpbprint -GroupServiceAccountIdentifier CORP\\adfssvc$ -PrimaryComputerName SRV1.corp.local -OverwriteConfiguration
Set-AdfsSyncProperties -PollDuration 10
Restart-Service adfssrv -PassThru