guglassociates.blogg.se - Ruby windows install without admin rights

#Ruby windows install without admin rights password

PS:\>Set-ADServiceAccount -Identity fsgmsaacct -PrincipalsAllowedToRetrieveManagedPassword add=$, $) -PrincipalsAllowedToDelegateToAccount add=$, $) PS:\>$adfsnodecomputeracct = get-adcomputer "contoso_adfs_node" PS:\>$localadminobj = get-aduser "localadmin"

#Ruby windows install without admin rights password

Note that the local computer account and the AD FS admin account need to be granted retrieve password and delegate to account rights on the gMSA. Using a gMSA as the AD FS Service Account Prepare AD PS:\>$adminConfig=(.\New-AdfsDkmContainer.ps1 -ServiceAccount contoso\FsGmsaAcct$ -AdfsAdministratorAccount contoso\localadmin)ĬN=8065f653-af9d-42ff-aec8-56e02be4d5f3,CN=ADFS,CN=Microsoft,CN=Program Data,DC=contoso,DC=com PS:\>Install-AdfsFarm -CertificateThumbprint 270D041785C579D75C1C981DA0F9C36ECFDB65E0 -FederationServiceName "fs." -ServiceAccountCredential $svcCred -Credential $localAdminCred -OverwriteConfiguration -AdminConfiguration $adminConfig -Verbose Next, create the farm: PS:\>$svcCred = (get-credential) PS:\>$adminConfig = Data,DC=contoso,DC=com"} On the federation server as a local admin, execute the following in an elevated PowerShell command window.įirst, if the federation server admin is not using the same PowerShell session as the above domain admin, re-create the adminConfig object using the output from the above. Sample Output $adminconfig.DkmContainerDNĬN=9530440c-bc84-4fe6-a3f9-8d60162a7bcf,CN=ADFS,CN=Microsoft,CN=Program Data,DC=contoso,DC=com Run the following as domain administrator PS:\>$adminConfig=(.\New-AdfsDkmContainer.ps1 -ServiceAccount contoso\fssvcacct -AdfsAdministratorAccount contoso\localadmin) Using a domain account as AD FS Service Account Prepare AD

$localAdminCred is the credentials of the local (non DA) admin account on the federation server.

$svcCred is the credentials of the AD FS service account.

Contoso\FsGmsaAcct$ is a gMSA account that will be the AD FS service account.

Contoso\FsSvcAcct is a domain account that will be the AD FS service account.

Contoso\localadmin is a non-Domain Admin builtin admin on the federation server.

On the federation server, execute the Install-AdfsFarm cmdlet while logged on as a local administrator, passing the object from #2 above as the AdminConfiguration parameter.

The script will return an AdminConfiguration object containing the DN of the newly created AD object.

As Domain Administrator, run the script (or create the Active Directory objects and permissions manually).The script below in this article can be used to prepare AD. Starting with AD FS in Windows Server 2016, you can run the cmdlet Install-AdfsFarm as a local administrator on your federation server, provided your Domain Administrator has prepared Active Directory. Applies to: Windows Server 2022, Windows Server 20 Overview