Map an organization custom claim to an Active Directory or ADAM user attribute (custom claim extraction)
Updated: September 13, 2007
Applies To: Windows Server 2003 R2
Whether you use Active Directory or Active Directory Application Mode (ADAM) as the Active Directory Federation Services (ADFS) account store for an account Federation Service, an organization custom claim maps to an administratively assigned Lightweight Directory Access Protocol (LDAP) attribute for the user that the claim identifies. This mapping is called a custom claim extraction.
For example, if the user is to be identified by position, you might create the organization custom claim Position and use the Title attribute to identify the user's position. If the Title attribute is present in the Active Directory or ADAM store, the corresponding organization custom claim is generated with the value of the Title attribute. Suppose that the Title attribute of the user account has the value "Software Engineer." In this case, the organization custom claim Position is generated for this user with the value "Software Engineer." If the Title attribute is not found for the user account, the Position claim is not generated for the user.
Perform this procedure in the account Federation Service.
To complete this procedure, you must be a member of the Administrators group on the local computer.
To map an organization custom claim to an Active Directory or ADAM user attribute
Click Start, point to Administrative Tools, and then click Active Directory Federation Services.
Double-click Federation Service, double-click Trust Policy, double-click My Organization, double-click Account Stores, right-click ADAM or Active Directory, point to New, and then click Custom Claim Extraction.
In the Create a New Custom Claim Extraction dialog box, in Attribute, type the LDAP attribute name for the user.
In Map to this Organization Claim, select the organization custom claim to map to the attribute, and then click OK.