Friday 9 November 2012

Enable/Disable Claims based authentication in MS Dynamics CRM 2011 using PowerShell

I wrote this script the other day to allow a quicker turn around when switching Dynamics CRM 2011 to use Claims based authentication. We will have quite a few servers in production, so this should make our Hosting guys happy or less miserable anyway.

Note that the cert_name variable needs to be of this form: 
CN=server.dev.org, OU=dev, O=dev, L=FHS, S=YS, C=GB
param ($cert_name,$federation_url,[bool] $enable)

if (-not($enable) -or -not($cert_name) -or -not($federation_url))
{
 Write-Host "Script should be invoked like this."
 Write-Host "claims -enable $true -cert_name `"CN=server.dev.org, OU=dev, O=dev, L=FHS, S=YS, C=GB`" -federation_url `"https://adfs.dev.org/federationmetadata/2007-06/federationmetadata.xml`" "
}

try
{
 if ( (Get-PSSnapin -Name Microsoft.Crm.PowerShell -ErrorAction SilentlyContinue) -eq $null )
 {
  Write-Host "Load CRM Snapin" 
  Add-PSSnapin Microsoft.Crm.PowerShell 
 }
 
 Write-Host "Get Current Claim Settings"
 $claims = Get-CrmSetting -SettingType "ClaimsSettings"
 
 Write-Host "Set Claim Settings"
 $claims.Enabled = $enable

if ($enable)
 { 
  $claims.EncryptionCertificate = $cert_name
  $claims.FederationMetadataUrl = $federation_url
 }
 Write-Host "Save Settings"
 
 Set-CrmSetting $claims

 Write-Host "Remove CRM Snapin"
 Remove-PSSnapin Microsoft.Crm.PowerShell 
 
 Write-Host "Configuration Completed"
}
catch
{
 Write-Error "An Error Occurred while setting Claim settings"
 Write-Error -Message "Settings have NOT been changed"
}

No comments:

Post a Comment