deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 12:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'Issue#3421' of https://github.com/j0rt3g4/windows-itpro-docs into Issue#3421

Browse Source
This commit is contained in:
Jose Ortega
2019-05-30 15:31:57 -05:00
parent 76d42f904f e93fda0490
commit 32c3d9d82b
1 changed files with 0 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
View File

@ -373,7 +373,6 @@ The following script helps you with the creation of the issuance transform rules
Type = "http://schemas.microsoft.com/ws/2012/01/accounttype", Type = "http://schemas.microsoft.com/ws/2012/01/accounttype",
Value = "DJ" Value = "DJ"
);' );'
$rule2 = '@RuleName = "Issue object GUID for domain-joined computers" $rule2 = '@RuleName = "Issue object GUID for domain-joined computers"
c1:[ c1:[
Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
@ -391,7 +390,6 @@ The following script helps you with the creation of the issuance transform rules
query = ";objectguid;{0}", query = ";objectguid;{0}",
param = c2.Value param = c2.Value
);' );'
$rule3 = '@RuleName = "Issue objectSID for domain-joined computers" $rule3 = '@RuleName = "Issue objectSID for domain-joined computers"
c1:[ c1:[
Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
@ -404,7 +402,6 @@ The following script helps you with the creation of the issuance transform rules
Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$" Issuer =~ "^(AD AUTHORITY|SELF AUTHORITY|LOCAL AUTHORITY)$"
] ]
=> issue(claim = c2);' => issue(claim = c2);'
$rule4 = '' $rule4 = ''
if ($multipleVerifiedDomainNames -eq $true) { if ($multipleVerifiedDomainNames -eq $true) {
$rule4 = '@RuleName = "Issue account type with the value User when it is not a computer" $rule4 = '@RuleName = "Issue account type with the value User when it is not a computer"
@ -448,7 +445,6 @@ The following script helps you with the creation of the issuance transform rules
Value = "http://' + $oneOfVerifiedDomainNames + '/adfs/services/trust/" Value = "http://' + $oneOfVerifiedDomainNames + '/adfs/services/trust/"
);' );'
} }
$rule5 = '' $rule5 = ''
if ($immutableIDAlreadyIssuedforUsers -eq $true) { if ($immutableIDAlreadyIssuedforUsers -eq $true) {
$rule5 = '@RuleName = "Issue ImmutableID for computers" $rule5 = '@RuleName = "Issue ImmutableID for computers"
@ -469,13 +465,9 @@ The following script helps you with the creation of the issuance transform rules
param = c2.Value param = c2.Value
);' );'
} }
$existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules $existingRules = (Get-ADFSRelyingPartyTrust -Identifier urn:federation:MicrosoftOnline).IssuanceTransformRules
$updatedRules = $existingRules + $rule1 + $rule2 + $rule3 + $rule4 + $rule5 $updatedRules = $existingRules + $rule1 + $rule2 + $rule3 + $rule4 + $rule5
$crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules $crSet = New-ADFSClaimRuleSet -ClaimRule $updatedRules
Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString Set-AdfsRelyingPartyTrust -TargetIdentifier urn:federation:MicrosoftOnline -IssuanceTransformRules $crSet.ClaimRulesString
#### Remarks #### Remarks