Dynamics 365 for CRM通过Microsoft PowerShell修改ADFS的过期时间实现延长CRM的过期时间

Dynamics 365 for CRM：修改ADFS的过期时间，TokenLifetime

通过Microsoft PowerShell修改ADFS的过期时间实现延长CRM的过期时间 To change the timeout value, you will need to update the TokenLifetime value. This is achieved using PowerShell. Before you open PowerShell, you will need to find the name of each Relying Party. 1、Check the TokenLifetime value. This number represents minutes Get-ADFSRelyingPartyTrust -Name “Relying Party Trusts Display Name(如：crmauth.doamian.com)” 2、Set the TokenLifetime to the new value (8 hours = 480) Set-ADFSRelyingPartyTrust -Targetname “Relying Party Trusts Display Name(如：crmauth.doamian.com)” -TokenLifetime 480 3、Repeat this step for each relying party(如：crminternal.domain.com)

比如我这个项目CRM项目： 　Get-ADFSRelyingPartyTrust -Name “auth.dyjtcrm.com” Set-ADFSRelyingPartyTrust -Targetname “auth.dyjtcrm.com” -TokenLifetime 480

Get-ADFSRelyingPartyTrust -Name “internalcrm.dyjtcrm.com” Set-ADFSRelyingPartyTrust -Targetname “internalcrm.dyjtcrm.com” -TokenLifetime 480

powershell执行 Get-ADFSRelyingPartyTrust -Name “auth.dyjtcrm.com” 返回如下结果： AllowedAuthenticationClassReferences : {} EncryptionCertificateRevocationCheck : CheckChainExcludeRoot PublishedThroughProxy : False SigningCertificateRevocationCheck : CheckChainExcludeRoot WSFedEndpoint : https://auth.dyjtcrm.com:446/ AdditionalWSFedEndpoint : {} ClaimsProviderName : {} ClaimsAccepted : {, , } EncryptClaims : True Enabled : True EncryptionCertificate : [Subject] CN=*.dyjtcrm.com

[Issuer] CN=*.dyjtcrm.com [Serial Number] 7C11115FB0C984BD42DABB0119C863C2 [Not Before] 2019/8/19 17:22:43 [Not After] 2022/8/19 17:32:43 [Thumbprint] 3DD9EC315A2C3D1C49CFC9BFDE15E64B5C823B5A

Identifier : {https://auth.dyjtcrm.com:446/, https://dev.dyjtcrm.com:446/, https://dy.dyjtcrm .com:446/} NotBeforeSkew : 0 EnableJWT : False AlwaysRequireAuthentication : False Notes : OrganizationInfo : ObjectIdentifier : d52b79bd-02bf-e911-a128-005056bd3a2b ProxyEndpointMappings : {} ProxyTrustedEndpoints : {} ProtocolProfile : WsFed-SAML RequestSigningCertificate : {} EncryptedNameIdRequired : False SignedSamlRequestsRequired : False SamlEndpoints : {} SamlResponseSignature : AssertionOnly SignatureAlgorithm : http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 TokenLifetime : 0 AllowedClientTypes : Public, Confidential IssueOAuthRefreshTokensTo : AllDevices RefreshTokenProtectionEnabled : True RequestMFAFromClaimsProviders : False ScopeGroupId : Name : auth.dyjtcrm.com AutoUpdateEnabled : True MonitoringEnabled : True MetadataUrl : https://auth.dyjtcrm.com:446/FederationMetadata/2007-06/FederationMetadata.xml ConflictWithPublishedPolicy : False IssuanceAuthorizationRules : IssuanceTransformRules : @RuleTemplate = “PassThroughClaims” @RuleName = “Pass Through UPN” c:[Type == “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn”] => issue(claim = c);

@RuleTemplate = "PassThroughClaims" @RuleName = "Pass Through Primary SID" c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"] => issue(claim = c); @RuleTemplate = "MapClaims" @RuleName = "Transform Windows Account Name to Name" c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccou ntname"] => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", I ssuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

DelegationAuthorizationRules : LastPublishedPolicyCheckSuccessful : True LastUpdateTime : 2019/8/20 9:34:18 LastMonitoredTime : 2019/8/21 9:34:30 ImpersonationAuthorizationRules : AdditionalAuthenticationRules : AccessControlPolicyName : 允许所有人 AccessControlPolicyParameters : ResultantPolicy : RequireFreshAuthentication:False IssuanceAuthorizationRules: { 允许所有人 } 执行Set-ADFSRelyingPartyTrust -Targetname “auth.dyjtcrm.com” -TokenLifetime 480 之后 再用Get-ADFSRelyingPartyTrust -Name “auth.dyjtcrm.com” 查看会发现TokenLifetime 变成了480

用同样的方法操作 internalcrm.dyjtcrm.com

另外今天去阿里云上查找优惠折扣服务器，发现通过下面这个链接购买阿里云ECS服务器，才3折起： https://promotion.aliyun.com/ntms/act/qwbk.html?spm=5176.11533457.1089570.29.337277e3dNlZxx&userCode=u6huwxpy 直接进入阿里云去购买是拿不到折扣的，但是通过上面的活动折扣链接是可以打折的。有兴趣的朋友，可以通过打开上面的链接进入网站了解一下。

本人是一名微软Dynamics 365 for CRM 自由顾问，本人熟悉不同版本的微软crm系统的安装部署，系统自定义配置和开发，数据迁移，系统升级等操作。熟悉的dynamics版本包括：Dynamics CRM 4.0、Dynamics CRM 2011、Dynamics CRM 2013、Dynamics CRM 2015、Dynamics CRM 2016、Dynamics 365。

本人可以为您提供以下服务或者合作： 1、DYNAMICS 365 for CRM 产品安装、部署、技术架构搭建、产品技术开发、系统配置。CRM的项目需求调研、分析、蓝图设计、系统详细设计、系统构建、测试、培训、上线、推广、运维等服务。 2、提供DYNAMICS 365 for CRM 证书认证考试培训，微软Dynamics 365实施合作伙伴的加盟指导。 3、CRM行业市场研究分析报告。 4、DYNAMICS 365 for CRM 技术咨询和支持服务。 5、提供DYNAMICS 365 产品的培训和技术指导等服务。 商务合作第二，交朋友第一，请保留本人联系方式，以备急需，我的微信是：79925300