I wrote this script the other day to allow a quicker turn around when switching Dynamics CRM 2011 to use Claims based authentication. We will have quite a few servers in production, so this should make our Hosting guys happy or less miserable anyway.
Note that the cert_name variable needs to be of this form:
Note that the cert_name variable needs to be of this form:
CN=server.dev.org, OU=dev, O=dev, L=FHS, S=YS, C=GB
param ($cert_name,$federation_url,[bool] $enable) if (-not($enable) -or -not($cert_name) -or -not($federation_url)) { Write-Host "Script should be invoked like this." Write-Host "claims -enable $true -cert_name `"CN=server.dev.org, OU=dev, O=dev, L=FHS, S=YS, C=GB`" -federation_url `"https://adfs.dev.org/federationmetadata/2007-06/federationmetadata.xml`" " } try { if ( (Get-PSSnapin -Name Microsoft.Crm.PowerShell -ErrorAction SilentlyContinue) -eq $null ) { Write-Host "Load CRM Snapin" Add-PSSnapin Microsoft.Crm.PowerShell } Write-Host "Get Current Claim Settings" $claims = Get-CrmSetting -SettingType "ClaimsSettings" Write-Host "Set Claim Settings" $claims.Enabled = $enable if ($enable) { $claims.EncryptionCertificate = $cert_name $claims.FederationMetadataUrl = $federation_url } Write-Host "Save Settings" Set-CrmSetting $claims Write-Host "Remove CRM Snapin" Remove-PSSnapin Microsoft.Crm.PowerShell Write-Host "Configuration Completed" } catch { Write-Error "An Error Occurred while setting Claim settings" Write-Error -Message "Settings have NOT been changed" }
No comments:
Post a Comment