Edit: have updated the script

This is a PowerShell script I use as a template when building WAP instances.

Essentially, either edit variables in the script or use the read-host option. I prefer the set variables but the read-host is handy… well, it was once…

# Collect URLs & Ports
$URL = Read-Host "Domain Name?"

Write-Host -ForegroundColor Yellow "Specify hostnames for each service"

$TenantSite = Read-Host "Tenant host? (i.e. wap)"
$TenantAuth = Read-Host "TenantAuth host? (i.e. waplogon)"
$AdminSite = Read-Host "Admin host? (i.e. wapadmin)"
$AdminAuth = Read-Host "AdminAuth host? (i.e. wapauth)"

$WAPDB = Read-Host "WAP DB Server?"
$SAPass = Read-Host "SA Password"

# Build "URL" (host label + "." + domain name)
$TenantSiteURL = $TenantSite + "." + $URL
$AdminSiteURL = $AdminSite + "." + $URL
$TenantAuthURL = $TenantAuth + "." + $URL
$AdminAuthURL = $AdminAuth + "." + $URL

# Run on Tenant Site (MgmtSvc-TenantSite)
Import-Module -Name MgmtSvcConfig
$ConnectionString = "Data Source=$WAPDB;Initial Catalog=Microsoft.MgmtSvc.Config;User ID=sa;Password=$SAPass"
Set-MgmtSvcFqdn -Namespace "TenantSite" -FullyQualifiedDomainName "$TenantSiteURL" -Port 443 -Server $WAPDB
# -DisableCertificateValidation is a switch and needs its leading dash
Set-MgmtSvcRelyingPartySettings -Target Tenant -MetadataEndpoint "https://$TenantAuthURL/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString $ConnectionString -DisableCertificateValidation

# Run on Tenant Auth Site (MgmtSvc-AuthSite)
Import-Module -Name MgmtSvcConfig
# Use the collected $SAPass rather than a password hard-coded in the template
$ConnectionString = "Data Source=$WAPDB;Initial Catalog=Microsoft.MgmtSvc.Config;User ID=sa;Password=$SAPass"
Set-MgmtSvcFqdn -Namespace "AuthSite" -FullyQualifiedDomainName "$TenantAuthURL" -Port 443 -Server $WAPDB
Set-MgmtSvcIdentityProviderSettings -Target Membership -MetadataEndpoint "https://$TenantSiteURL/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString $ConnectionString -DisableCertificateValidation

# Run on Admin Site (MgmtSvc-AdminSite)
Import-Module -Name MgmtSvcConfig
$ConnectionString = "Data Source=$WAPDB;Initial Catalog=Microsoft.MgmtSvc.Config;User ID=sa;Password=$SAPass"
Set-MgmtSvcFqdn -Namespace "AdminSite" -FullyQualifiedDomainName "$AdminSiteURL" -Port 443 -Server $WAPDB
Set-MgmtSvcRelyingPartySettings -Target Admin -MetadataEndpoint "https://$AdminAuthURL/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString $ConnectionString -DisableCertificateValidation

# Run on Admin Auth Site (MgmtSvc-WindowsAuthSite)
Import-Module -Name MgmtSvcConfig
# Use the collected $SAPass rather than a password hard-coded in the template
$ConnectionString = "Data Source=$WAPDB;Initial Catalog=Microsoft.MgmtSvc.Config;User ID=sa;Password=$SAPass"
Set-MgmtSvcFqdn -Namespace "WindowsAuthSite" -FullyQualifiedDomainName "$AdminAuthURL" -Port 443 -Server $WAPDB
Set-MgmtSvcIdentityProviderSettings -Target Windows -MetadataEndpoint "https://$AdminSiteURL/FederationMetadata/2007-06/FederationMetadata.xml" -ConnectionString $ConnectionString -DisableCertificateValidation

iisreset
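
A hardened version of the input-collection step, as an added example that is not part of the original script: it validates each host label before the FQDNs are built, reads the SA password masked, and builds the connection string with a builder so special characters in the password cannot break it. `Read-HostLabel` and `New-WapConnectionString` are hypothetical helper names, and Windows PowerShell 5.1 is assumed.

```powershell
# Added example (not from the original script). Assumes Windows PowerShell 5.1.
Add-Type -AssemblyName System.Data

function Read-HostLabel {            # hypothetical helper
    param([string]$Prompt)
    do {
        $value = (Read-Host $Prompt).Trim()
        # One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
        $ok = $value -match '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
        if (-not $ok) { Write-Warning "'$value' is not a valid host label." }
    } until ($ok)
    $value
}

function New-WapConnectionString {   # hypothetical helper
    param(
        [Parameter(Mandatory)] [string]$Server,
        [Parameter(Mandatory)] [System.Security.SecureString]$Password,
        [string]$User = 'sa'
    )
    # The builder quotes values, so a password containing ';' or '=' cannot
    # end the Password field early or add extra connection-string keywords.
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $builder['Data Source']     = $Server
    $builder['Initial Catalog'] = 'Microsoft.MgmtSvc.Config'
    $builder['User ID']         = $User
    $builder['Password']        = (New-Object System.Net.NetworkCredential('', $Password)).Password
    $builder.ConnectionString
}

$URL = (Read-Host "Domain Name?").Trim()
if ([System.Uri]::CheckHostName($URL) -ne [System.UriHostNameType]::Dns) {
    throw "'$URL' is not a valid DNS domain name."
}

$TenantSite = Read-HostLabel "Tenant host? (i.e. wap)"
$TenantAuth = Read-HostLabel "TenantAuth host? (i.e. waplogon)"
$AdminSite  = Read-HostLabel "Admin host? (i.e. wapadmin)"
$AdminAuth  = Read-HostLabel "AdminAuth host? (i.e. wapauth)"

$WAPDB = (Read-Host "WAP DB Server?").Trim()
# -AsSecureString masks the SA password at the prompt.
$SAPass = Read-Host "SA Password" -AsSecureString
$ConnectionString = New-WapConnectionString -Server $WAPDB -Password $SAPass
```

The script passes `-ConnectionString` as a plain string, so the password is still in clear text inside `$ConnectionString`; clear that variable once the last section has run.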

Enjoy!

Dan

Daniel Apps
