DC
# DC - prerequisites for the AD FS group managed service account (gMSA).
# Backdating the KDS root key by 10 hours makes it usable immediately. The normal
# waiting period exists so the key can replicate to every domain controller, so
# this shortcut only suits a lab or single-DC domain.
$kdsEffectiveTime = (Get-Date).AddHours(-10)
Add-KdsRootKey -EffectiveTime $kdsEffectiveTime

# gMSA that the AD FS service runs as on both farm nodes.
# NOTE(review): no -PrincipalsAllowedToRetrieveManagedPassword is set here; confirm
# which hosts end up able to retrieve this account's password after farm setup.
$gmsaParams = @{
    Name        = 'adfssvc'
    DNSHostName = 'adfs.corp.com'
}
New-ADServiceAccount @gmsaParams
SRV1
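# SRV1 - first (primary) node of the AD FS farm.
# Installs the role, imports the *.corp.com TLS certificate, creates the farm
# under the adfssvc gMSA and registers a relying party trust.
Install-WindowsFeature adfs-federation -IncludeManagementTools

# The PFX holds the private key for the wildcard certificate. It is fetched over
# the C$ administrative share of 192.168.0.1, which requires an administrative
# logon to that host. Paths are written with single backslashes; the doubled
# ones in the notes were escaping artefacts, not PowerShell syntax.
Copy-Item -Path '\\192.168.0.1\C$\Users\Administrator\wildcard.pfx' -Destination .

# Prompt for the PFX password instead of embedding it in the runbook, so it does
# not end up in the notes, console history or script block logs.
$pfxPassword = Read-Host -Prompt 'Password for wildcard.pfx' -AsSecureString

# Without -Exportable the private key is imported as non-exportable.
Import-PfxCertificate -FilePath .\wildcard.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# Do not leave a copy of the private key on disk once it is in the store.
Remove-Item -Path .\wildcard.pfx -Force

gpupdate /force

# Pick exactly one certificate: matching subject, private key present, and the
# latest expiry if several match. An array or empty value would break the
# -CertificateThumbprint argument below.
$thumb = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq 'CN=*.corp.com' -and $_.HasPrivateKey } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1 -ExpandProperty Thumbprint

if (-not $thumb) {
    throw 'No certificate with subject CN=*.corp.com and a private key was found in Cert:\LocalMachine\My.'
}

# -OverwriteConfiguration replaces any existing AD FS configuration database;
# only appropriate on a fresh build or a deliberate rebuild.
Install-AdfsFarm -CertificateThumbprint $thumb -FederationServiceName adfs.corp.com -GroupServiceAccountIdentifier 'CORP\adfssvc$' -FederationServiceDisplayName "CORP Federation" -OverwriteConfiguration

# The URL is passed as a plain string; the angle brackets in the notes were a
# Markdown autolink and "<" is not valid in a PowerShell argument.
# NOTE(review): this is the farm's own federation metadata endpoint; confirm that
# it is the intended relying party.
Add-AdfsRelyingPartyTrust -Name CORP -MetadataUrl 'https://adfs.corp.com/federationmetadata/2007-06/federationmetadata.xml'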
SRV2
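# SRV2 - secondary node joined to the AD FS farm whose primary is SRV1.
# Installs the role, imports the same *.corp.com TLS certificate, joins the farm
# under the adfssvc gMSA and shortens the configuration sync interval.
Install-WindowsFeature adfs-federation -IncludeManagementTools

# The PFX holds the private key for the wildcard certificate. It is fetched over
# the C$ administrative share of 192.168.0.1, which requires an administrative
# logon to that host. Paths are written with single backslashes; the doubled
# ones in the notes were escaping artefacts, not PowerShell syntax.
Copy-Item -Path '\\192.168.0.1\C$\Users\Administrator\wildcard.pfx' -Destination .

# Prompt for the PFX password instead of embedding it in the runbook, so it does
# not end up in the notes, console history or script block logs.
$pfxPassword = Read-Host -Prompt 'Password for wildcard.pfx' -AsSecureString

# Without -Exportable the private key is imported as non-exportable.
Import-PfxCertificate -FilePath .\wildcard.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# Do not leave a copy of the private key on disk once it is in the store.
Remove-Item -Path .\wildcard.pfx -Force

gpupdate /force

# Pick exactly one certificate: matching subject, private key present, and the
# latest expiry if several match. An array or empty value would break the
# -CertificateThumbprint argument below.
$thumb = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq 'CN=*.corp.com' -and $_.HasPrivateKey } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1 -ExpandProperty Thumbprint

if (-not $thumb) {
    throw 'No certificate with subject CN=*.corp.com and a private key was found in Cert:\LocalMachine\My.'
}

# -OverwriteConfiguration replaces any AD FS configuration already on this node.
Add-AdfsFarmNode -PrimaryComputerName SRV1.corp.local -GroupServiceAccountIdentifier 'CORP\adfssvc$' -CertificateThumbprint $thumb -OverwriteConfiguration

# Poll the primary for configuration changes every 10 seconds.
Set-AdfsSyncProperties -PollDuration 10

# Restart the AD FS service so it starts with the settings applied above.
Restart-Service adfssrv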