Add-AdfsLocalClaimsProviderTrust
Add-AdfsLocalClaimsProviderTrust is accessible with the help of adfs module. To install adfs on your system please refer to this adfs.
Synopsis
Creates a local claims provider trust.
Description
The Add-AdfsLocalClaimsProviderTrust cmdlet creates a local claims provider trust. This trust is based on a Lightweight Directory Access Protocol (LDAP) v3 compliant directory other than the Active Directory domain of which the Active Directory Federation Services (AD FS) server is a member. This includes other, untrusted, Active Directory forests or domains, Active Directory Lightweight Directory Services directories, and non-Active Directory LDAP directories.
Parameters
-AcceptanceTransformRules
Specifies the set of claim rules to configure on the local claims provider trust. These rules determine the information that is accepted from the partner represented by the local claims provider trust.
Required? false
Position? named
Default value none
Accept pipeline input? true(ByPropertyName)
Accept wildcard characters? false
-AcceptanceTransformRulesFile <String>
Specifies the full path of a file that contains the set of claim rules to configure on the local claims provider trust.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-AnchorClaimLdapAttribute <String>
Specifies the LDAP attribute to which the user name that the user enters isl be matched to find the correct user account in the LDAP directory.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-AnchorClaimType <String>
Specifies the claim type of the anchor claim in AD FS.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Enabled <Boolean>
Indicates whether the trust is enabled.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Force <SwitchParameter>
Forces the command to run without asking for user confirmation.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Identifier <String>
Specifies the ID, as a URI, of the claims provider trust.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-LdapAttributeToClaimMapping <LdapAttributeToClaimMapping[]>
Specifies a mapping of LDAP directory attributes to claim types. Each mapping causes an AD FS claim with the corresponding claim type and LDAP attribute value to be available for AD FS processing rules. To obtain a mapping, use the New-AdfsLdapAttributeToClaimMapping cmdlet.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-LdapAuthenticationMethod <LdapAuthenticationMethod>
Specifies the authentication method the local claims provider trust uses. In Windows Server 2016, the only supported method is Basic (username/password).
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-LdapServerConnection <LdapServerConnection[]>
Specifies an array of LDAP server connections that the claims provider trust uses. To obtain an LdapServerConnection object, use the New-AdfsLdapServerConnection cmdlet.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Name <String>
Specifies a name for the local claims provider trust.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Notes <String>
Specifies notes.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-OrganizationalAccountSuffix <String[]>
Specifies an array of organizational account suffixes that administrator can configure for the claims provider trust for a Home Realm Discovery (HRD) scenario.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-PassThru <SwitchParameter>
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Type <String>
Specifies the type of the claims provider trust. The acceptable values for this parameter are: ActiveDirectory and LDAP.
Required? false
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-UserContainer <String>
Specifies a user container.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-UserObjectClass <String>
Specifies a user object class.
Required? true
Position? named
Default value none
Accept pipeline input? false
Accept wildcard characters? false
-Confirm <SwitchParameter>
Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf <SwitchParameter>
Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value false
Accept pipeline input? false
Accept wildcard characters? falseSyntax
Add-AdfsLocalClaimsProviderTrust -Name <String> -Identifier <String> [-AcceptanceTransformRules <String>] [-AcceptanceTransformRulesFile <String>] [-Enabled <Boolean>] [-Notes <String>] [-OrganizationalAccountSuffix <String[]>] [-Force] [-Type <String>] [-PassThru] [-WhatIf] [-Confirm] -LdapServerConnection <LdapServerConnection[]> -UserObjectClass <String> -UserContainer <String> -AnchorClaimLdapAttribute <String> -AnchorClaimType <String> [-LdapAuthenticationMethod <LdapAuthenticationMethod>] [-LdapAttributeToClaimMapping <LdapAttributeToClaimMapping[]>] [<CommonParameters>]
—————-Example 1—————-
Create an LDAP local claims provider trust
PS C:>$Credential = Get-Credential
PS C:\ > $LdapConn = New-AdfsLdapServerConnection -HostName “DC.TOSSolution.com” -Port 389 -SslMode None -AuthenticationMethod Basic -Credential $Credential
PS C:\ > $DisplayName = New-AdfsLdapAttributeToClaimMapping -LdapAttribute “displayName” -ClaimType “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname”
PS C:> Add-AdfsLocalClaimsProviderTrust -Name “testldap” -Identifier “urn:testldap” -Type ldap -LdapServerConnection $LdapConn -UserObjectClass user -UserContainer “CN=Users,DC=,DC=,DC=com” -LdapAuthenticationMethod Basic -AnchorClaimLdapAttribute userPrincipalName -AnchorClaimType “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn” -AcceptanceTransformRules “c:[] => issue(claim=c);” -Enabled $True [-OrganizationalAccountSuffix “TSQA.TOSSolution.com” – LdapAttributeToClaimMapping $DisplayName]
The first command prompts you for a user name and password by using the Get-Credential cmdlet. The command stores the results in the $Credential variable.
The second command creates an LDAP connection by using the New-AdfsLdapServerConnection cmdlet. DC.TOSSolution.com is the fully qualified domain name of a domain controller in the other forest. The command stores the result in the $LdapConn variable.
The third command creates a mapping of an LDAP directory attribute to a claim type by using the New-AdfsLdapAttributeToClaimMapping cmdlet.
The final command creates an LDAP claims provider trust to authenticate users in another, untrusted Active Directory forest.
You can check the Version, CommandType and Source of this cmdlet by giving below command.
Get-Command Add-AdfsLocalClaimsProviderTrust
You can also read about
- Disable-AdfsLocalClaimsProviderTrust
- Enable-AdfsLocalClaimsProviderTrust
- Get-AdfsLocalClaimsProviderTrust
- New-AdfsLdapAttributeToClaimMapping
- Remove-AdfsLocalClaimsProviderTrust
- Set-AdfsLocalClaimsProviderTrust
