Set-ADFSProperties "EnableExtranetLockout" error in windows server 2008 R2

Question

I am implementing SSO using ADFS 2.0. I am using Windows Server 2008 R2 Standard. Now, I want to restrict the number of attempts that a user gets to log on, to 3. I came across this which suggested me to set up the following three parameters:

• EnableExtranetLockout
• ExtranetLockoutThreshold
• ExtranetObservationWindow

I referred this to register and add ADFS 2.0 snap-in to windows powershell.

However, when I query Get-ADFSProperties, I don't get the three properties I listed above.

Also quite understandably, I get the following error when I execute this command: Set-AdfsProperties -EnableExtranetLockout $true -ExtranetLockoutThreshold 15 -ExtranetObservationWindow ( new-timespan -Minutes 30 )

Error message is:

Set-ADFSProperties : A parameter cannot be found that matches parameter name 'EnableExtranetLockout'.

At line:1 char:42

Set-AdfsProperties -EnableExtranetLockout <<<<  $true -ExtranetLockoutThreshold 15 -ExtranetObservationWindow ( new-timespan -Minutes 30 ) 
CategoryInfo          : InvalidArgument: (:) [Set-ADFSProperties], ParameterBindingException 
FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.IdentityServer.PowerShell.Commands.SetServiceProperties Command

This error has been mentioned here but that doesn't apply in my case cause the properties aren't getting listed in the first place!

I would appreciate any help or suggestion wrt the same.

Thanks!

Answer 1

you need to upgrade to ADFS 2012 R2. The extranet account lockout feature is not present in any builds prior to that.

Cheers, Rhoderick Blog