From 2ce723b45c28ce2d21a9ed88f1f91a84e6e379bc Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 30 May 2019 15:10:52 -0500 Subject: [PATCH 1/8] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 67f71d8749..d5c7899982 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -374,7 +374,6 @@ The following script helps you with the creation of the issuance transform rules Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Value = "DJ" );' - $rule2 = '@RuleName = "Issue object GUID for domain-joined computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", From 039e1fc155505f504977bf86625923c2b6d46e90 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 30 May 2019 15:11:03 -0500 Subject: [PATCH 2/8] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index d5c7899982..355f26a044 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -391,7 +391,6 @@ The following script helps you with the creation of the issuance transform rules query = ";objectguid;{0}", param = c2.Value );' - $rule3 = '@RuleName = "Issue objectSID for domain-joined computers" c1:[ Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", From 4b6872f6717ef14a6e90660b56eac4e2676e39f4 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 30 May 2019 15:11:10 -0500 Subject: [PATCH 3/8] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 355f26a044..57f74f6c6e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -468,7 +468,6 @@ The following script helps you with the creation of the issuance transform rules param = c2.Value );' } - $existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules $updatedRules = $existingRules + $rule1 + $rule2 + $rule3 + $rule4 + $rule5 From 1b8cfc41b746c6b8265c2de17c76a7c330c20049 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 30 May 2019 15:11:17 -0500 Subject: [PATCH 4/8] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 57f74f6c6e..46fda5bf95 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -473,7 +473,6 @@ The following script helps you with the creation of the issuance transform rules $updatedRules = $existingRules + $rule1 + $rule2 + $rule3 + $rule4 + $rule5 $crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules - Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString #### Remarks From 563eebd5ca181ee26bbc5cc0470c9c96932a74bc Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 30 May 2019 15:11:33 -0500 Subject: [PATCH 5/8] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 46fda5bf95..75c71ecd98 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -471,7 +471,6 @@ The following script helps you with the creation of the issuance transform rules $existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules $updatedRules = $existingRules + $rule1 + $rule2 + $rule3 + $rule4 + $rule5 - $crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString From 3be2c9c781ca24e6bf7ebd051fc0308d82eefbac Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 30 May 2019 15:11:45 -0500 Subject: [PATCH 6/8] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 75c71ecd98..8e5c529493 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -469,7 +469,6 @@ The following script helps you with the creation of the issuance transform rules );' } $existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules - $updatedRules = $existingRules + $rule1 + $rule2 + $rule3 + $rule4 + $rule5 $crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString From 054556c963a909abff3a90ad263f929399331e0e Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 30 May 2019 15:11:55 -0500 Subject: [PATCH 7/8] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 8e5c529493..56ca6ad60c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -447,7 +447,6 @@ The following script helps you with the creation of the issuance transform rules Value = "http://' + $oneOfVerifiedDomainNames + '/adfs/services/trust/" );' } - $rule5 = '' if ($immutableIDAlreadyIssuedforUsers -eq $true) { $rule5 = '@RuleName = "Issue ImmutableID for computers" From e93fda0490108bebe92ddd983b3ea59598ba03cd Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 30 May 2019 15:12:02 -0500 Subject: [PATCH 8/8] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-trust-devreg.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 56ca6ad60c..e330eab070 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -403,7 +403,6 @@ The following script helps you with the creation of the issuance transform rules Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$" ] => issue(claim = c2);' - $rule4 = '' if ($multipleVerifiedDomainNames -eq $true) { $rule4 = '@RuleName = "Issue account type with the value User when it is not a computer"