Active Directory Federation Services: Offline tools
The Active Directory Federation Services (AD FS) community and team created multiple tools that are available for download. You have different options to expand your toolbox that range from PowerShell scripts to standalone applications. This comprehensive list describes the downloadable tools that are currently available. Tooling is an ongoing effort, so check back here for updates.
Offline tools available
The following table provides a list of the available tools that were previously on the AD FS Help site.
| Tool | Description |
|---|---|
| AD FS Events Module | This module provides tools for gathering related AD FS events from the security, admin, and debug logs, across multiple servers. This tool also allows the user to reconstruct the HTTP request/response headers from the logs. |
| AD FS style sign-in page | Custom theme allows your AD FS sign-in page to look like the Microsoft Entra ID sign-in screen. |
| AD FS sign-in page telemetry using App Insights | Adds telemetry for things like prompt rate and sign-in reliability. |
| Username/Password second factor | This adapter enables performing username/password authentication as multifactor authentication (MFA). |
| AD FS web customizations from our community | A collection of community web customizations. |
| MFA Page Loading Wheel | Is your MFA provider slow to react to user input? Add this waiting wheel to your AD FS customization to provide feedback to the user. |
| Diagnostics Module | PowerShell script to do basic health checks against AD FS. Determines if AD FS is in a healthy state. |
| WID Sync | PowerShell script to force a full Windows Internal Database (WID) sync to an AD FS secondary node. |
| Change AD FS Service Account Module | PowerShell module that allows the AD FS service account to be changed. Such functionality might be especially useful if the current service account is compromised. |
| AD FS Automated User Interface Testing | Testing infrastructure for automated browser testing against AD FS. |
| AD FS Risk Assessment Model Sample – Risky IP Plug-in | Build your own plug-ins to block or assign a risk score to authentication requests. This sample plug-in blocks authentication requests for risky IPs. |
| AD FS Risk Assessment Model Sample – Risky User Plug-in | Build your own plug-in that uses user risk level determined by Microsoft Entra ID Protection to block authentication or enforce MFA. |
| AD FS Rapid Restore Tool | AD FS Rapid Restore Tool can be used to restore an AD FS farm or stand up an identical one for testing. Use it for anything from backups to duplicating your environment for preproduction testing. |