Friday, 9 November 2012

Enable/Disable Claims based authentication in MS Dynamics CRM 2011 using PowerShell

I wrote this script the other day to allow a quicker turn around when switching Dynamics CRM 2011 to use Claims based authentication. We will have quite a few servers in production, so this should make our Hosting guys happy or less miserable anyway.

Note that the cert_name variable needs to be of this form:, OU=dev, O=dev, L=FHS, S=YS, C=GB
param ($cert_name,$federation_url,[bool] $enable)

if (-not($enable) -or -not($cert_name) -or -not($federation_url))
 Write-Host "Script should be invoked like this."
 Write-Host "claims -enable $true -cert_name `", OU=dev, O=dev, L=FHS, S=YS, C=GB`" -federation_url `"`" "

 if ( (Get-PSSnapin -Name Microsoft.Crm.PowerShell -ErrorAction SilentlyContinue) -eq $null )
  Write-Host "Load CRM Snapin" 
  Add-PSSnapin Microsoft.Crm.PowerShell 
 Write-Host "Get Current Claim Settings"
 $claims = Get-CrmSetting -SettingType "ClaimsSettings"
 Write-Host "Set Claim Settings"
 $claims.Enabled = $enable

if ($enable)
  $claims.EncryptionCertificate = $cert_name
  $claims.FederationMetadataUrl = $federation_url
 Write-Host "Save Settings"
 Set-CrmSetting $claims

 Write-Host "Remove CRM Snapin"
 Remove-PSSnapin Microsoft.Crm.PowerShell 
 Write-Host "Configuration Completed"
 Write-Error "An Error Occurred while setting Claim settings"
 Write-Error -Message "Settings have NOT been changed"

No comments:

Post a Comment