This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 86%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
I'm trying to create a claim issuance policy. One of the mappings has to be the user SID. When I use the Get-ADUser powershell cmdlet I can see the User SID property is "SID", but when I try to find that in the list of pre-defined LDAP menu items, there is nothing there like that. no objectSID either. Can I just type that in, and if so will it work?
Thanks
I added the SID myself. I'm not sure if it will work
When an attribute is not in the wizard, you can just type its actual LDAP display name. For the SID it is "objectSid".
But there is an easier way in this case. The user's SID is already in the claim pipeline (it is coming from the AD acceptance rules). SO instead of doing a LDAP call, you can simply chose the "Passthrough or Filter an Incoming Claim" template and use the following:
