How to write an ADFS claims rule for a custom Active Directory attribute

I worked a case recently for a customer that wanted to pass a custom Active Directory attribute as a claim. It’s actually easy to do and does not require a custom claim rule, but the answer is less than obvious.

To create a new Issuance Transform Rule on the relying party trust. Follow these steps:

Choose Add Rule

Use the Send LDAP Attributes as Claims template


Name the rule and choose the Active Directory attribute store.


Next, type the custom attribute name I the Ldap Attribute dropdown exactly as it appears in ADSI Edit or your favorite ldap browser of choice. Hit enter.


You will notice that now if you choose the dropdown, the custom attribute is saved towards the bottom for future use.


You can now map that attribute to any of the claim types built in to ADFS  – I happen to have chosen the “Name” claim type – and select Finish.


That’s how to create an ADFS claims rule for your Active Directory custom attribute.  Deceptively easy.  Hope this helps.

Tagged with: ,
Posted in ADFS