Thursday, July 12, 2012

AD : Adding the extension attributes


Quite often when you work with AD, you need some extra attributes to store customer-specific information. I normally use the extensionAttributes (1 through 15) for this.

The problem is that they are not in AD out of the box.

They are part of the Microsoft Exchange Server schema. The schema is the only part you have to install. You do NOT have to install Exchange.

Refer to Prepare Active Directory and Domains.

I used Exchange 2010 SP2. I guess you could download the trial version if you don’t have the DVD to hand?

To install, just run “Setup /PrepareSchema” to have the additional extension attributes added.

Note that you need to be a “Domain Admin” & “Schema Admin” & “Enterprise Admin” in order to run this. Bear in mind that a schema extension applies to the whole forest and cannot be rolled back, so run it once, from a machine with a healthy schema master, after confirming the attributes are not already present.

Enjoy!

Friday, July 06, 2012

ADFS : List of claims types

There’s a number of lists all over the place.

This one comes from SelfSTS.

"http://schemas.xmlsoap.org/ws/2009/09/identity/claims/actor",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/anonymous",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecision",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims",
"http://schemas.xmlsoap.org/ws/2009/09/identity/claims",
"http://schemas.microsoft.com/ws/2008/06/identity/claims",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/cookiepath",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/dsa",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/expiration",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/expired",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/hash",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/ispersistent",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/sid",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/spn",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/system",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uri",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/userdata",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/version",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishedname",
"http://schemas.xmlsoap.org/claims",
"http://schemas.xmlsoap.org/claims/CommonName",
"http://schemas.xmlsoap.org/claims/EmailAddress",
"http://schemas.xmlsoap.org/claims/Group",
"http://schemas.xmlsoap.org/claims/UPN"

You are free to construct any claim type you wish, e.g.

http://schemas.company.co.nz/identity/claims/teamidentifier
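The two posts above fit together: the Exchange-schema extensionAttributes are a natural source for a custom claim type like the one just shown. The following PowerShell is an added example (not from the original posts or from SelfSTS) that first checks that extensionAttribute1 to 15 actually exist in the schema, so you never run the forest-wide PrepareSchema step needlessly, and then appends an ADFS claim rule that issues extensionAttribute1 under the custom claim type. It assumes the ActiveDirectory and ADFS PowerShell modules are loaded and a relying party trust named "Intranet Portal", which is a placeholder.

```powershell
# Added example, not part of the original posts. Assumes the ActiveDirectory
# module and the ADFS cmdlets are available on the box you run it from.
Import-Module ActiveDirectory

# 1. Is the Exchange schema already in place? Look up each attribute in the
#    schema naming context rather than trusting that PrepareSchema has run.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$missing = 1..15 | Where-Object {
    -not (Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter "(lDAPDisplayName=extensionAttribute$_)")
}
if ($missing) {
    # Stop here; extending the schema is a one-way, forest-wide change that
    # needs Schema Admin / Enterprise Admin / Domain Admin and a change record.
    throw "Schema not prepared: extensionAttribute $($missing -join ', ') missing. Run Exchange 'Setup /PrepareSchema' first."
}

# 2. The custom claim type from the post (any URI you control will do).
$teamClaim = 'http://schemas.company.co.nz/identity/claims/teamidentifier'

# 3. ADFS claim rule language: take the authenticated Windows account name,
#    query the AD attribute store for extensionAttribute1, and issue it as
#    the custom claim type. {0} is replaced by the account name (param).
$rule = @"
@RuleName = "Issue team identifier from extensionAttribute1"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$teamClaim"), query = ";extensionAttribute1;{0}", param = c.Value);
"@

# 4. -IssuanceTransformRules REPLACES the rule set, so append to what is
#    already there instead of silently dropping the existing rules.
$rpName   = 'Intranet Portal'   # placeholder relying party name
$existing = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceTransformRules ($existing + "`r`n" + $rule)
```

Only populate extensionAttribute1 with values you are happy to hand to every relying party that receives this rule; the claim is issued to whichever trusts you attach it to.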

Enjoy!