New-AdfsAccessControlPolicy

Creates an AD FS access control policy.

Syntax

New-AdfsAccessControlPolicy
   -Name <String>
   [-SourceName <String>]
   [-Identifier <String>]
   [-Description <String>]
   [-PolicyMetadata <PolicyMetadata>]
   [-PolicyMetadataFile <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AdfsAccessControlPolicy cmdlet creates an Active Directory Federation Services (AD FS) access control policy from a policy metadata file.

Examples

Example 1: Create a policy template from a policy metadata file

PS C:\> $t = New-AdfsAccessControlPolicy -Name "DemoOne" -PolicyMetadataFile "C:\filepath\PolicyTemplateIntranetWithOneGroupParameterMFA.xml"

This command creates a policy template from a policy metadata file.

Example 2: Create a relying party using the policy template

PS C:\> Add-AdfsRelyingPartyTrust -Name "DemoRP1" -Identifier "https://DemoRP1" -AccessControlPolicyName DemoOne -AccessControlPolicyParameters "Administrators"

This command creates a relying party using the policy template.

Example 3: Change parameters

PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyParameters ("Administrators","Users") -AccessControlPolicyName "DemoOne"

This command changes parameters for an access control policy.

Example 4: Un-assign a policy template

PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName $null

This command un-assigns a policy template.

Example 5: Create a policy template from an existing template

PS C:\> New-AdfsAccessControlPolicy -Name "DemoCopyOne" -SourceName "DemoOne"

This command creates a policy template from an existing template.

Example 6: Create a policy template from existing metadata

PS C:\> New-AdfsAccessControlPolicy -Name "DemoCopyTwo" -PolicyMetadata $t.PolicyMetadata

This command creates a policy template from existing metadata. The $t variable is the policy object returned by New-AdfsAccessControlPolicy in Example 1.

Example 7: Create a policy template from a relying party result policy

PS C:\> New-AdfsAccessControlPolicy -Name "DemoCopyWithAssignment" -PolicyMetadata $r.ResultantPolicy

This command creates a policy template from the resultant policy of a relying party. The $r variable is the relying party trust object returned by Get-AdfsRelyingPartyTrust.

Example 8: Change the relying party to use a new template

PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName "DemoTwo" -AccessControlPolicyParameters @{PermitGroup="Users";RejectGroup="Administrators"}

This command changes the relying party to use a new template.

Example 9: Complicated conditions with specific claims

PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName DemoRP -AccessControlPolicyParameters `
    @{"SPParameter"= @{ClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/OfficeLocation"; Operator="Equals"; Value="Redmond"}}

This command assigns the DemoRP policy to the relying party and supplies a claim condition as the value of the SPParameter parameter: the OfficeLocation claim must equal Redmond.

Example 10: Two specific claims for single parameter

PS C:\> Set-AdfsRelyingPartyTrust -TargetName "DemoRP1" -AccessControlPolicyName "DemoRP" -AccessControlPolicyParameters `
    @{"SPParameter"= (@{ClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/OfficeLocation"; Operator="Equals"; Value=("Redmond","DC")}, `
                      @{ClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/Department"; Operator="Equals"; Value="Azure"})}

This command supplies two claim conditions as the value of the single SPParameter parameter: one on the OfficeLocation claim (Redmond or DC) and one on the Department claim (Azure).
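The following script is an added example and is not part of the cmdlet reference. It clones an existing template (as in Example 5), previews assigning it to a relying party with -WhatIf, and then audits every relying party trust for its assigned policy and parameters, flagging trusts that have no policy assigned (the state left by Example 4). It assumes an AD FS server with the ADFS module loaded and that relying party trust objects expose AccessControlPolicyName and AccessControlPolicyParameters properties, which the page does not state.

```powershell
# Added example, not from the cmdlet reference. Assumes the ADFS module is loaded and that
# relying party trust objects expose AccessControlPolicyName / AccessControlPolicyParameters
# (assumption; the page only documents the matching Set-AdfsRelyingPartyTrust parameters).

function Get-AdfsRelyingPartyPolicyReport {
    # Report which access control policy each relying party trust uses and with which
    # parameters. A trust with no policy assigned still relies on its legacy claim rules,
    # so it is flagged for review rather than silently skipped.
    [CmdletBinding()]
    param()

    foreach ($rp in Get-AdfsRelyingPartyTrust) {
        $policyName = $rp.AccessControlPolicyName
        $params     = $rp.AccessControlPolicyParameters

        [pscustomobject]@{
            RelyingParty = $rp.Name
            Identifier   = ($rp.Identifier -join ', ')
            PolicyName   = if ($policyName) { $policyName } else { '<none>' }
            # Parameters can be a string, an array, or a hashtable (Examples 2, 3, 8-10);
            # JSON gives one readable form for all of them.
            Parameters   = if ($null -ne $params) { $params | ConvertTo-Json -Compress -Depth 5 } else { '' }
            NeedsReview  = [string]::IsNullOrEmpty($policyName)
        }
    }
}

# Clone the DemoOne template under a new name (Example 5) and assign it to DemoRP1.
# -WhatIf previews both changes without applying them; remove it to make the change.
New-AdfsAccessControlPolicy -Name 'DemoCopyOne' -SourceName 'DemoOne' -WhatIf
Set-AdfsRelyingPartyTrust -TargetName 'DemoRP1' -AccessControlPolicyName 'DemoCopyOne' -WhatIf

# Full report, then only the trusts that have no access control policy assigned.
Get-AdfsRelyingPartyPolicyReport | Format-Table -AutoSize
Get-AdfsRelyingPartyPolicyReport | Where-Object NeedsReview | Format-Table RelyingParty, Identifier -AutoSize
```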

Required Parameters

-Name

Specifies a name for the new access control policy.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Description

Specifies a description for the policy.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Identifier

Specifies an identifier for the policy.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PolicyMetadata

Specifies metadata for the policy.

Type: PolicyMetadata
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PolicyMetadataFile

Specifies a file that contains metadata for the policy.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SourceName

Specifies the name of an existing access control policy whose metadata is copied into the new policy, as in Example 5.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False