Site icon TOSS

Add-AdfsLocalClaimsProviderTrust

powershell

Add-AdfsLocalClaimsProviderTrust is accessible with the help of adfs module. To install adfs on your system please refer to this adfs.

Synopsis

Creates a local claims provider trust.

Description

The Add-AdfsLocalClaimsProviderTrust cmdlet creates a local claims provider trust. This trust is based on a Lightweight Directory Access Protocol (LDAP) v3 compliant directory other than the Active Directory domain of which the Active Directory Federation Services (AD FS) server is a member. This includes other, untrusted, Active Directory forests or domains, Active Directory Lightweight Directory Services directories, and non-Active Directory LDAP directories.

Parameters

 -AcceptanceTransformRules
Specifies the set of claim rules to configure on the local claims provider trust. These rules determine the information that is accepted from the partner represented by the local claims provider trust.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       true(ByPropertyName)
    Accept wildcard characters?  false

-AcceptanceTransformRulesFile <String>
    Specifies the full path of a file that contains the set of claim rules to configure on the local claims provider trust.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-AnchorClaimLdapAttribute <String>
    Specifies the LDAP attribute to which the user name that the user enters isl be matched to find the correct user account in the LDAP directory.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-AnchorClaimType <String>
    Specifies the claim type of the anchor claim in AD FS.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Enabled <Boolean>
    Indicates whether the trust is enabled.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Force <SwitchParameter>
    Forces the command to run without asking for user confirmation.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Identifier <String>
    Specifies the ID, as a URI, of the claims provider trust.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-LdapAttributeToClaimMapping <LdapAttributeToClaimMapping[]>
    Specifies a mapping of LDAP directory attributes to claim types. Each mapping causes an AD FS claim with the corresponding claim type and LDAP attribute value to be available for AD FS processing rules. To obtain a mapping, use the New-AdfsLdapAttributeToClaimMapping cmdlet.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-LdapAuthenticationMethod <LdapAuthenticationMethod>
    Specifies the authentication method the local claims provider trust uses. In Windows Server 2016, the only supported method is Basic (username/password).

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-LdapServerConnection <LdapServerConnection[]>
    Specifies an array of LDAP server connections that the claims provider trust uses. To obtain an LdapServerConnection object, use the New-AdfsLdapServerConnection cmdlet.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Name <String>
    Specifies a name for the local claims provider trust.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Notes <String>
    Specifies notes.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-OrganizationalAccountSuffix <String[]>
    Specifies an array of organizational account suffixes that administrator can configure for the claims provider trust for a Home Realm Discovery (HRD) scenario.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-PassThru <SwitchParameter>
    Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Type <String>
    Specifies the type of the claims provider trust. The acceptable values for this parameter are: ActiveDirectory and LDAP.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-UserContainer <String>
    Specifies a user container.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-UserObjectClass <String>
    Specifies a user object class.

    Required?                    true
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Confirm <SwitchParameter>
    Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

-WhatIf <SwitchParameter>
    Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

Syntax

Add-AdfsLocalClaimsProviderTrust -Name <String> -Identifier <String> [-AcceptanceTransformRules <String>] [-AcceptanceTransformRulesFile <String>] [-Enabled <Boolean>] [-Notes <String>] [-OrganizationalAccountSuffix <String[]>] [-Force] [-Type <String>] [-PassThru] [-WhatIf] [-Confirm] -LdapServerConnection <LdapServerConnection[]> -UserObjectClass <String> -UserContainer <String> -AnchorClaimLdapAttribute <String> -AnchorClaimType <String> [-LdapAuthenticationMethod <LdapAuthenticationMethod>] [-LdapAttributeToClaimMapping <LdapAttributeToClaimMapping[]>] [<CommonParameters>]

—————-Example 1—————-
Create an LDAP local claims provider trust
PS C:>$Credential = Get-Credential
PS C:\ > $LdapConn = New-AdfsLdapServerConnection -HostName “DC.TOSSolution.com” -Port 389 -SslMode None -AuthenticationMethod Basic -Credential $Credential
PS C:\ > $DisplayName = New-AdfsLdapAttributeToClaimMapping -LdapAttribute “displayName” -ClaimType “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname”
PS C:> Add-AdfsLocalClaimsProviderTrust -Name “testldap” -Identifier “urn:testldap” -Type ldap -LdapServerConnection $LdapConn -UserObjectClass user -UserContainer “CN=Users,DC=,DC=,DC=com” -LdapAuthenticationMethod Basic -AnchorClaimLdapAttribute userPrincipalName -AnchorClaimType “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn” -AcceptanceTransformRules “c:[] => issue(claim=c);” -Enabled $True [-OrganizationalAccountSuffix “TSQA.TOSSolution.com” – LdapAttributeToClaimMapping $DisplayName]
The first command prompts you for a user name and password by using the Get-Credential cmdlet. The command stores the results in the $Credential variable.
The second command creates an LDAP connection by using the New-AdfsLdapServerConnection cmdlet. DC.TOSSolution.com is the fully qualified domain name of a domain controller in the other forest. The command stores the result in the $LdapConn variable.
The third command creates a mapping of an LDAP directory attribute to a claim type by using the New-AdfsLdapAttributeToClaimMapping cmdlet.
The final command creates an LDAP claims provider trust to authenticate users in another, untrusted Active Directory forest.

You can check the Version, CommandType and Source of this cmdlet by giving below command.

Get-Command Add-AdfsLocalClaimsProviderTrust

You can also read about

To know more PowerShell cmdlets(Commands) on Active Directory Federation Services(ADFS) click here

Click on this Link for an Single place where you get all the PowerShell cmdlet sorted based on the modules.

You can also refer other blogs on PowerShell at link

You can also refer other blogs on Microsoft at link

And also if you required any technology you want to learn, let us know below we will publish them in our site http://tossolution.com/

Like our page in Facebook and follow us for New technical information.

References are taken from Microsoft

Exit mobile version