This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 95%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECD%3C/text%3E%3C/svg%3E)
hi I created the custom claim for that so please check the below claim which is created by me:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/password"), query = "(&(objectClass=user)(objectCategory=person));mail,givenName,sn;{0}", param = c.Value);
using that claim I can log in successfully. you can check the below SS when clicking on the below link:
https://drive.google.com/file/d/1lV2zb6uV8PWzqk4qsgwVb6iFu-15O4bN/view?usp=sharing
but a problem like I get total email =500 but name=200 so I can not be mapping this, so I want this data with any particular one claim/rule
I already create below claim but this is not working:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
&& c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/surname"]
&& c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/name"]
=> issue(Type = "http://Mydomainname.com/members", Value = c1.Value + " " + c2.Value);
So I want something like the above in one type of link and get all the details of all users.
please click on the below link the check hows my code for that getting outgoing claims:
https://drive.google.com/file/d/1Mwo7-ai0v1503dIr_37SkFhXZJYF-a4F/view?usp=sharing
Please guide me on what I can do for that my main concern is I want all users of ADFS using the ADFS authentication, So I have already done Authentication but I can not get all user's details in a single claim/rule.
Thanks & regards
Bhavdip Talaviya
You don't. ADDS doesn't use federation. Your token is good for your user to access your app.
If the ADDS is synchronized to Azure AD, then you can have your app trust Azure AD instead and then have some OAuth2 on behalf user flow calls to query the list of objects from the Azure AD Graph API.
At this point, this is no longer an ADFS issue I'm afraid. I would suggest you look at Azure AD and OAuth2 integration.
hi @Pierre Audonnet - MSFT Can you please say me how to sync windows active directory users to the azure active directory using c#.
Actually, I don't sync the windows users to the azure active directory but I need windows, active directory users, using the ADFS after windows account login ( SAML)
account login.
Can you please guide me is it possible to use the ADFS?
I have knowledge about how to get the azure active directory users and I did the code and called that graph API But I need a windows active directory for all users using ADFS.
Thanks
Hi, @Pierre Audonnet - MSFT is it possible to get all user's details of the windows active directory using windows account login using ADFS?
ADFS issues token for applications which understand WS-Trust, WS-Federation, SAML2, OpenID Connect and OAuth2.
Active Directory Domain Services (your on-prem DCs) understand NTLM and Kerberos for authentication and LDAP to directory request.
If you want to query AD using LDAP, you will need to authenticate to the directory first. You can do that by using NTLM or Kerberos (you can also do that by sending a clear-text password to AD in an LDAP simple bind, but eh, that's 2021 I guess we can do better than simple binds). Your application will need an account with AD to make it work. This has nothing to do with ADFS and federation. This is basically an LDAP call from a C# app. At this point, I suggest you set aside ADFS as it serves no purpose in your case. And ask a new question with the appropriate developpers tags.