Change the auditing limitation for an organization group or custom claim

Applies To: Windows Server 2003 R2

Active Directory Federation Services (ADFS) uses claims to transfer user information that is used for authorization in the resource Federation Service. By default, auditing of an organization group or custom claim is not limited, which means that both the claim name and its value are audited, or shared, when the claim is produced or mapped. If you limit the auditing of an organization group or custom claim, the ADFS audit logs indicate only the name of the claim; the value of the claim is omitted. Omitting the value protects the privacy of sensitive data, such as the groups to which a user belongs.

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To change the auditing limitation on an organization group or custom claim

  1. Click Start, point to Administrative Tools, and then click Active Directory Federation Services.

  2. Double-click Federation Service, double-click Trust Policy, double-click My Organization, and then click Organization Claims.

  3. In the details pane, right-click the organization group or custom claim whose auditing you want to change, and then click Properties.

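  4. Select or clear the "Limit the auditing of this claim" check box to change the existing setting. When the check box is selected, the ADFS audit logs indicate only the name of the claim and omit its value.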