Question

ADFS 2.0 can be configured in one of the following modes: Standalone, Farm, SQLFarm.

As part of a diagnostic workflow, I need to check this. The command Get-ADFSConfiguration provides a wealth of information; however, there is no explicit property regarding config type. Upon further investigation, the types Standalone, Farm, SQLFarm actually refer to XML files in the ADFS directory.

What's the best way to determine the ADFS 2.0 configuration type through PowerShell?

Solution

The assumption is wrong. Don't use this code. See https://social.msdn.microsoft.com/Forums/sqlserver/en-US/7d5dee92-53ca-4cc5-bd02-d30833c4b94b/is-my-existing-adfs-a-standalone-or-a-single-server-farm-topology?forum=Geneva

You need to check to see what service logon account is being used and then, if not network service, then it's in farm mode and you can check the artifactdbconnection.

Here's what I'm using instead...

Function Get-ADFSConfigurationType
{
    # The ADFS cmdlets are only present when ADFS and its PowerShell support are available
    if (-not (Get-Command 'Get-ADFSConfiguration' -ErrorAction SilentlyContinue))
    {
        return 'Not Installed'
    }

    # get the localized form of 'NT AUTHORITY\NETWORK SERVICE'
    $objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-1-5-20") # NT AUTHORITY\NETWORK SERVICE
    $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
    $networkserviceLocalizedName = $objUser.Value

    # logon account of the ADFS Windows service (adfssrv)
    $adfsServiceLogonName = (Get-WmiObject -ComputerName '.' Win32_Service | where {$_.Name -eq 'adfssrv'} | Select StartName).StartName

    if ($adfsServiceLogonName -eq $networkserviceLocalizedName)
    {
        # ADFS is configured in standalone mode if it is running under NT AUTHORITY\NETWORK SERVICE
        return 'Standalone';
    }

    if ($adfsServiceLogonName -eq 'LocalSystem')
    {
        # ADFS should not be run under Local System
        # 'LocalSystem' is the same across all locales
        return 'Error ADFSSRV Logon is LocalSystem';
    }

    try
    {
        # -ErrorAction Stop turns non-terminating errors into exceptions so the catch block runs
        $conf = Get-ADFSConfiguration -ErrorAction Stop;
    }
    catch
    {
        return 'Error Calling Get-ADFSConfiguration'
    }

    if ( $conf.ArtifactDbConnection -like "*\\.\pipe\*" )
    {
        # ADFS uses a Windows Internal Database, it's a Farm configuration
        return 'Farm';
    }
    else
    {
        # ADFS is configured for SQLFarm
        return 'SQLFarm';
    }
}

OTHER TIPS

Updated: This is a naïve solution. Please follow the approved answer.

Function Get-ADFSConfigurationType
{
    $conf = Get-ADFSConfiguration;

    if ( $conf.CertificateSharingContainer -eq $null )
    {
        # ADFS is configured in standalone mode.
        return 'Standalone';
    }

    if ( $conf.ArtifactDbConnection -like "*\\.\pipe\*" )
    {
        # ADFS uses a Windows Internal Database, it's a Farm configuration
        return 'Farm';
    }
    else
    {
        # ADFS is configured for SQLFarm
        return 'SQLFarm';
    }   
}
Licensed under: CC-BY-SA with attribution