PowerShell Logo Small

Set-ADClaimTransformLink



This is the built-in help made by Microsoft for the command 'Set-ADClaimTransformLink', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Applies a claims transformation to one or more cross-forest trust relationships in Active Directory.

SYNTAX


Set-ADClaimTransformLink [-Identity] <ADTrust> [-Policy] <ADClaimTransformPolicy> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-PassThru] [-Server <String>]
-TrustRole {Trusted | Trusting} [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-ADClaimTransformLink cmdlet can be used to apply a claims transformation to one or more cross-forest trust relationships in Active Directory.



<

RELATED LINKS


Online Version: http://go.microsoft.com/fwlink/p/?linkid=291111

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>New-ADClaimTransformPolicy -Identity DenyAllPolicy -DenyAll
PS C:\> Set-ADClaimTransformLink "corp.contoso.com" -Policy DenyAllPolicy -TrustRole Trusted
PS C:\> Set-ADClaimTransformLink "corp.contoso.com" -Policy DenyAllPolicy -TrustRole Trusting



This example applies the claims transformation policy DenyAllPolicy to the trust corp.contoso.com. The rule is applied to where this domain acts as both the trusted and
trusting domain in the trust. Effectively, the rule is applied to both claims coming in to this domain from its trust partner, and claims flowing out of this domain towards
its trust partner.

Since the specified transformation rule denies all claims to be sent or received, this domain will now deny all claims from being sent to or received from the other domain,
the trust partner.




-------------------------- EXAMPLE 2 --------------------------

PS C:\>New-ADClaimTransformPolicy -Identity AllowAllExceptCompanyAndDepartmentPolicy -AllowAllExcept Company,Department
PS C:\> Get-ADTrust "corp.contoso.com" | Set-ADClaimTransformLink -Policy AllowAllExceptCompanyAndDepartmentPolicy -TrustRole Trusted



This example applies the claims transformation policy AllowAllExceptCompanyAndDepartmentPolicy to the trust corp.contoso.com. The rule is applied to where this domain acts
as the trusted domain in the trust. Effectively, the rule is applied to claims flowing out of this domain towards its trust partner.

Since the specified transformation rule allows all claims to be sent or received except Company and Department, this domain will now allow all claims except the two from
being sent to the other domain, the trust partner.




-------------------------- EXAMPLE 3 --------------------------

PS C:\>New-ADClaimTransformPolicy -Identity HumanResourcesToHrPolicy -Rule 'C1:[Type=="ad://ext/Department:88ce6e1cc00e9524", Value=="Human Resources", ValueType=="string"]
=> issue(Type=C1.Type, Value="HR", ValueType=C1.ValueType);';
PS C:\> Set-ADClaimTransformLink -Identity "corp.contoso.com" -Policy HumanResourcesToHrPolicy -TrustRole Trusting



This command applies the claims transformation policy HumanResourcesToHrPolicy to the trust corp.contoso.com. The rule is applied to where this domain acts as the trusting
domain in the trust. Effectively, the rule is applied to claims coming in to this domain from its trust partner.

Since the specified transformation rule transforms the value Human Resources into HR in the claim ad://ext/Department:88ce6e1cc00e9524, this domain will now transform the
claim value received from the other domain, the trust partner, from Human Resources to HR.